Thomas Patzke
373424f145
Rule fixes
...
Made tests pass the new CI tests. Added further allowed lower case words
in rule test.
2020-02-20 23:00:16 +01:00
Thomas Patzke
d7bd90cb24
Merge branch 'master' into oscd
2020-02-03 23:13:16 +01:00
Thomas Patzke
815c562a17
Merge branch 'master' into oscd
2020-02-02 13:40:08 +01:00
Florian Roth
9876623710
doc: helpful link in error message
2020-02-01 15:43:11 +01:00
Florian Roth
1735614747
feat: rule title tests
2020-01-30 17:26:21 +01:00
Florian Roth
43af93a678
feat: detect missing date
2020-01-30 16:08:34 +01:00
Florian Roth
14e7b17eb9
feat: detect missing id
2020-01-30 16:08:24 +01:00
Florian Roth
93e1299010
style: PEP8 in test_rules.py
2020-01-30 16:08:10 +01:00
Florian Roth
f84b3abf2d
fix: missing commas in list
2020-01-30 08:56:13 +01:00
Florian Roth
aa5ce18abc
feat: support of new MITRE ATT&CK tags
2020-01-30 08:55:44 +01:00
Florian Roth
7bf472834b
feat: colorized error messages
2020-01-30 08:50:22 +01:00
Florian Roth
9d96b7c1a3
fix: print_error function not global
2020-01-30 08:39:58 +01:00
Florian Roth
fe6c30fa59
feat: colorized output in test
2020-01-30 08:37:47 +01:00
Florian Roth
5e59bbb3c3
Added MITRE ATT&CK Technique T1482
...
https://attack.mitre.org/techniques/T1482/
2019-12-28 16:02:26 +01:00
Thomas Patzke
694d666539
Merge branch 'master' into oscd
2019-12-19 23:15:15 +01:00
Thomas Patzke
397b3b8cc6
Updated rule test MITRE ATT&CK identifiers
2019-12-17 01:13:06 +01:00
Thomas Patzke
ee4138c48e
Merge pull request #526 from zouzias/hotfix_aggregate_count_distinct_groupby
...
[feature] extend es-dsl to support nested aggregations
2019-12-13 21:55:47 +01:00
Florian Roth
2cf6e16024
fix: missing new MITRE tactics category in tests
2019-11-14 23:31:38 +01:00
Anastasios Zouzias
324005a126
[feature] extend es-dsl to support nested aggregations
2019-11-12 11:46:43 +01:00
Thomas Patzke
238adf9eea
Improved rule test
...
* Added ATT&CK technique
* Removed invalid tags
2019-11-08 22:03:19 +01:00
Thomas Patzke
ef14ee542d
Added modifiers: startswith and endswith
2019-11-05 23:04:13 +01:00
Thomas Patzke
fc276612b6
Added encoding modifiers
2019-10-16 23:52:06 +02:00
Thomas Patzke
c80cb418cd
Improved QRadar regular expression support
2019-09-05 15:35:26 +02:00
Thomas Patzke
59a6a0c523
Added ATT&CK technique to rule test
2019-08-25 10:13:11 +02:00
Thomas Patzke
a65a9655f4
Fixed config naming in es-qs query backend test
2019-08-02 08:25:21 +02:00
Thomas Patzke
0ca15e5c5e
Added test case for value modifiers
2019-07-16 23:14:55 +02:00
Thomas Patzke
4559aa4e00
Fixed es-qs backend check
2019-04-23 00:05:36 +02:00
Thomas Patzke
87abd20c0f
Removed deprecated PyYAML API from rule test
2019-04-22 23:21:08 +02:00
Florian Roth
d0950bd077
fix: yaml.load() issue
...
https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
2019-04-21 20:30:31 +02:00
Thomas Patzke
5e973a6321
Fixes and CI testing of --backend-config
2019-03-15 23:46:38 +01:00
Tareq AlKhatib
7f4557d183
Enabled check for process_creation
2019-03-09 21:00:11 +03:00
Tareq AlKhatib
c3b079990a
Properly end anchored the regex
2019-03-09 19:23:50 +03:00
Tareq AlKhatib
be2ca8dc4d
Added checks for Sysmon 1 or EID 4688 instead of process_creation
2019-03-02 20:51:49 +03:00
Thomas Patzke
c922f7d73f
Merge branch 'master' into project-1
2019-02-26 00:24:46 +01:00
Tareq AlKhatib
ae62acf3d2
Added a test for duplicate filters and a test for Source: Eventlog
2019-02-18 21:05:58 +03:00
Tareq AlKhatib
97b28f4308
Added a test for unnecessary use of '1 of them' in condition
2019-02-13 21:27:27 +03:00
Tareq AlKhatib
cd2af196e3
Corrected path to rules
2019-01-25 12:25:51 +03:00
Tareq AlKhatib
96220e776f
Added a test to check for duplicate filters in rules
2019-01-25 12:22:28 +03:00
Thomas Patzke
3c7f46a6cd
Added rule test to CI testing
2019-01-23 23:31:36 +01:00
Tareq AlKhatib
e3d61047bb
Added two tests. One for MITRE and another for file extension.
2019-01-22 21:25:13 +03:00
Thomas Patzke
a9cf14438c
Merge branch 'master' into project-1
2019-01-14 22:36:15 +01:00
Thomas Patzke
0e4842962b
Added tests
2018-11-04 22:16:20 +01:00
tuckner
bd5b823725
Removed specific NetWintess config from test
2018-10-31 14:32:13 -05:00
tuckner
26f73d60fa
Added NetWitness backend and tests
2018-10-31 14:07:59 -05:00
Thomas Patzke
44ff9d154e
Increased test coverage for mapping corner cases
2018-10-16 14:53:12 +02:00
Thomas Patzke
e411039b56
Fixed escaping of \u in Elasticsearch Query String queries
2018-05-01 00:05:16 +02:00
Thomas Patzke
15a6c5efb5
Detailed error messages for failed queries
2018-04-12 00:20:54 +02:00
Thomas Patzke
aeda30a389
Python rewrite of es-qs query test
2018-04-11 23:59:44 +02:00
Thomas Patzke
788111f174
Fixes for Elasticsearch query correctness CI tests
...
* Quoting in rule
* Reading queries without special processing of backslashes
Unfortunately, backslashes still cause breaks caused by Bash handling of
them.
2018-04-09 22:33:29 +02:00
Thomas Patzke
24d94d39b8
CI: Testing backend es-qs against Elasticsearch
2018-04-04 00:32:48 +02:00