valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 18:23:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,144 Commits 20 Branches 25 Tags 21 MiB
985f56c0e9
Commit Graph

80 Commits

Author SHA1 Message Date
Florian Roth
d3ee1aba66 docs: MITRE ATT&CK(R) trademark references removed or adjusted 
https://github.com/Neo23x0/sigma/issues/1028
 2020-09-30 08:53:52 +02:00
Florian Roth
8970d03f6f
Merge pull request #952 from Neo23x0/devel 
feat: Detect duplicate rule tags
 2020-07-28 10:21:59 +02:00
Florian Roth
051e2ce905 feat: detect duplicate tags 2020-07-27 11:37:58 +02:00
Ryan Plas
de53a08746 Merge branch 'master' of github.com:Neo23x0/sigma 2020-07-15 10:27:33 -04:00
Florian Roth
71e66ea9ba refactor: tests use live data from MITRE's TAXI service 2020-07-14 17:54:02 +02:00
Florian Roth
cf25b9c509 feat: filename test 2020-07-14 12:33:16 +02:00
Florian Roth
495376df77 refactor: references test without warnings for missing refs 2020-07-14 12:33:02 +02:00
Florian Roth
bae979f5c7 refactor: ignore sub techniques as long as we do not have a complete list 2020-07-14 11:56:28 +02:00
Ryan Plas
9eb5d8da4d Add logsource attribute rule test 2020-07-13 17:02:28 -04:00
Florian Roth
b3e15eea68 fix: nested check 2020-07-13 18:49:00 +02:00
Florian Roth
91c0bea570 fix: typo and reordered 2020-07-13 18:22:47 +02:00
Florian Roth
758f5039b5 fix: no error on rules without references 2020-07-13 18:16:32 +02:00
Florian Roth
8d91659c2a fix: typo in field value 2020-07-13 18:08:00 +02:00
Florian Roth
4c610ec693 feat: test references is list 2020-07-13 18:07:19 +02:00
Florian Roth
87ce5e5745 fix: missing MITRE ATT&CK IDs in test 2020-07-13 16:02:22 +02:00
Florian Roth
ab40cdbbd7 fix: missing ATT&CK id 2020-07-01 09:57:35 +02:00
Florian Roth
912ad94771 fix: missing ATT&CK id in tests 2020-06-19 10:00:44 +02:00
Ivan Kirillov
69760f6446 Added subtechniques to MITRE_TECHNIQUES 2020-06-17 11:51:48 -06:00
ecco
327a53c120 add new test for sysmon rules without eventid 2020-05-23 10:25:37 -04:00
ecco
2b89e56054 fix test 2020-05-23 10:03:13 -04:00
Florian Roth
030898ba9c
Merge branch 'master' into override-coverage 2020-05-02 14:22:03 +02:00
Maxime Thiebaut
4600bf73dc Update rules to follow the Sigma state specification 
The [Sigma specification's status component](https://github.com/Neo23x0/sigma/wiki/Specification#status-optional) states the following:

> Declares the status of the rule:
>  - stable: the rule is considered as stable and may be used in production systems or dashboards.
>  - test: an almost stable rule that possibly could require some fine tuning.
>  - experimental: an experimental rule that could lead to false results or be noisy, but could also identify interesting events.

However the Sigma Rx YAML specification states the following:

> ```yaml
> status:
>     type: //any
>     of:
>         - type: //str
>           value: stable
>         - type: //str
>           value: testing
>         - type: //str
>           value: experimental
> ```

The specification confuses the `test` and `testing` state. This commit changes the `test` state into the `testing` state which is already used in the code-base:
 - [`sigma/sigma-schema.rx.yml`](a805d18bba/sigma-schema.rx.yml (L49))
 - [`sigma/tools/sigma/filter.py`](f3c60a6309/tools/sigma/filter.py (L26))
 - [`sigma/tools/sigmac`](4e42bebb34/tools/sigmac (L98))

Although not modifyable through a PR, the specification should furthermore be updated to use the `testing` state.
 2020-04-24 20:50:31 +02:00
Thomas Patzke
d33f4b290d Dependency cleanup 
* Consolidated dependencies into main and development (MISP and test
  intergrated).
* Splitted Pipfile dependencies into main and development
* Specified compatible dependencies
 2020-03-29 22:55:09 +02:00
Florian Roth
0e1ff440db fix: updated MITRE tags in test 2020-03-25 14:04:22 +01:00
Thomas Patzke
373424f145 Rule fixes 
Made tests pass the new CI tests. Added further allowed lower case words
in rule test.
 2020-02-20 23:00:16 +01:00
Thomas Patzke
d7bd90cb24 Merge branch 'master' into oscd 2020-02-03 23:13:16 +01:00
Thomas Patzke
815c562a17 Merge branch 'master' into oscd 2020-02-02 13:40:08 +01:00
Florian Roth
9876623710 doc: helpful link in error message 2020-02-01 15:43:11 +01:00
Florian Roth
1735614747 feat: rule title tests 2020-01-30 17:26:21 +01:00
Florian Roth
43af93a678 feat: detect missing date 2020-01-30 16:08:34 +01:00
Florian Roth
14e7b17eb9 feat: detect missing id 2020-01-30 16:08:24 +01:00
Florian Roth
93e1299010 style: PEP8 in test_rules.py 2020-01-30 16:08:10 +01:00
Florian Roth
f84b3abf2d fix: missing commas in list 2020-01-30 08:56:13 +01:00
Florian Roth
aa5ce18abc feat: support of new MITRE ATT&CK tags 2020-01-30 08:55:44 +01:00
Florian Roth
7bf472834b feat: colorized error messages 2020-01-30 08:50:22 +01:00
Florian Roth
9d96b7c1a3 fix: print_error function not global 2020-01-30 08:39:58 +01:00
Florian Roth
fe6c30fa59 feat: colorized output in test 2020-01-30 08:37:47 +01:00
Florian Roth
5e59bbb3c3
Added MITRE ATT&CK Technique T1482 
https://attack.mitre.org/techniques/T1482/
 2019-12-28 16:02:26 +01:00
Thomas Patzke
694d666539 Merge branch 'master' into oscd 2019-12-19 23:15:15 +01:00
Thomas Patzke
397b3b8cc6 Updated rule test MITRE ATT&CK identifiers 2019-12-17 01:13:06 +01:00
Thomas Patzke
ee4138c48e
Merge pull request #526 from zouzias/hotfix_aggregate_count_distinct_groupby 
[feature] extend es-dsl to support nested aggregations
 2019-12-13 21:55:47 +01:00
Florian Roth
2cf6e16024 fix: missing new MITRE tactics category in tests 2019-11-14 23:31:38 +01:00
Anastasios Zouzias
324005a126 [feature] extend es-dsl to support nested aggregations 2019-11-12 11:46:43 +01:00
Thomas Patzke
238adf9eea Improved rule test 
* Added ATT&CK technique
* Removed invalid tags
 2019-11-08 22:03:19 +01:00
Thomas Patzke
ef14ee542d Added modifiers: startswith and endswith 2019-11-05 23:04:13 +01:00
Hilko Bengen
d759896e07 Make coverage binary overridable 
This makes it possible to pass a different coverage program to make
test, e.g.:

    make test COVERAGE=python3-coverage
 2019-10-23 15:42:25 +02:00
Thomas Patzke
fc276612b6 Added encoding modifiers 2019-10-16 23:52:06 +02:00
Thomas Patzke
c80cb418cd Improved QRadar regular expression support 2019-09-05 15:35:26 +02:00
Thomas Patzke
59a6a0c523 Added ATT&CK technique to rule test 2019-08-25 10:13:11 +02:00
Thomas Patzke
a65a9655f4 Fixed config naming in es-qs query backend test 2019-08-02 08:25:21 +02:00