Project description

pySigma_validators_sigmaHQ

Tests Coverage Badge Status

Purpose

Create all validators specific to the requirements of the SigmaHQ rules repository

Validators

Name	Description
sigmahq_date_existence	Checks if rule has a data.
sigmahq_description_existence	Checks if rule has a description.
sigmahq_description_length	Checks if rule has a description.
sigmahq_falsepositives_banned_word	Checks if rule falsepositive start with a banned word.
sigmahq_falsepositives_capital	Checks if rule falsepositive start with a capital.
sigmahq_falsepositives_typo_word	Checks if rule falsepositive start with a common typo error.
sigmahq_field_duplicate_value	Check uniques value in field list.
sigmahq_field_with_space	Check field do not have a space.
sigmahq_fieldname_cast	Check field name have a cast error.
sigmahq_filename	Check rule filename match SigmaHQ standard.
sigmahq_filename_prefix	Check rule filename match SigmaHQ prefix standard.
sigmahq_invalid_all_modifier	Check All modifier used with a single value.
sigmahq_invalid_field_source	Check field Source use with Eventlog.
sigmahq_invalid_fieldname	Check field name do not exist in the logsource.
sigmahq_level_existence	Checks if rule has a level.
sigmahq_link_description	Checks if rule description use a link instead of references.
sigmahq_logsource_coherent	Checks if rule has Coherent logsource.
sigmahq_logsource_known	Checks if rule has known logsource.
sigmahq_noasterixofselection_condition	Check use '1/all of ' without asterix
sigmahq_ofselection_condition	Check use 'all/X of ' with only one selection
sigmahq_ofthem_condition	Check use ' of them' with only one selection
sigmahq_space_fieldname	Check field name have a space.
sigmahq_status_deprecated	Checks if rule has a status DEPRECATED.
sigmahq_status_existence	Checks if rule has a status.
sigmahq_status_unsupported	Checks if rule has a status UNSUPPORTED.
sigmahq_title_case	Checks if rule title use capitalization.
sigmahq_title_end	Checks if rule title end with a dot(.).
sigmahq_title_length	Checks if rule has a title too long.
sigmahq_title_start	Checks if rule title start with Detects.

Data

All the data value are in the config.py

Maintainer

This pipelines is currently maintained by:

François Hubaut

Project details

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.6.0

May 22, 2024

0.5.2

May 7, 2024

0.5.1

May 4, 2024

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pysigma_validators_sigmahq-0.6.0.tar.gz (22.7 kB view hashes)

Uploaded May 22, 2024 Source

Built Distribution

pysigma_validators_sigmahq-0.6.0-py3-none-any.whl (25.0 kB view hashes)

Uploaded May 22, 2024 Python 3

Hashes for pysigma_validators_sigmahq-0.6.0.tar.gz

Hashes for pysigma_validators_sigmahq-0.6.0.tar.gz
Algorithm	Hash digest
SHA256	`d3472e77fa9a3215d4adf42a176a129ca172ad792ecf2465c450cdb09acd3f9a`
MD5	`f44467386378bb58446f2e2403c39e61`
BLAKE2b-256	`6c876789d1382611a07332a80420d2e0e5603ae0164aaf5808b1a38eb658c2de`

Hashes for pysigma_validators_sigmahq-0.6.0-py3-none-any.whl

Hashes for pysigma_validators_sigmahq-0.6.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`dfc1fb282050e537fac2f6299d3743e11d4beffc04c60cd7ac9bd8ae462d29cf`
MD5	`51ec35c9c3bb89365d68d98ee9c108a1`
BLAKE2b-256	`656fcf938b62bcdea73bc85ed3cc99371c60e1896f997c959215dfe801879c28`