pySigma SigmaHQ validators
pySigma_validators_sigmaHQ
Purpose
Create all validators specific to the requirements of the SigmaHQ rules repository.
Validators
Name | Description |
---|---|
sigmahq_categorie_eventid | Checks if a rule uses EventID with a Windows category that |
sigmahq_date_existence | Checks if a rule has a date. |
sigmahq_description_existence | Checks if a rule has a description. |
sigmahq_description_length | Checks if a rule has a description. |
sigmahq_falsepositives_banned_word | Checks if a rule falsepositive starts with a banned word. |
sigmahq_falsepositives_capital | Checks if a rule falsepositive starts with a capital. |
sigmahq_falsepositives_typo_word | Checks if a rule falsepositive starts with a common typo error. |
sigmahq_field_duplicate_value | Checks that values in a field list are unique. |
sigmahq_field_user | Checks if a User field uses a localized name. |
sigmahq_field_with_space | Checks that a field does not have a space. |
sigmahq_fieldname_cast | Checks if a field name has a cast error. |
sigmahq_filename | Checks if the rule filename matches the SigmaHQ standard. |
sigmahq_filename_prefix | Checks if the rule filename matches the SigmaHQ prefix standard. |
sigmahq_invalid_all_modifier | Checks if the All modifier is used with a single value. |
sigmahq_invalid_field_source | Checks if the field Source is used with Eventlog. |
sigmahq_invalid_fieldname | Checks if a field name does not exist in the logsource. |
sigmahq_level_existence | Checks if a rule has a level. |
sigmahq_link_description | Checks if the rule description uses a link instead of references. |
sigmahq_logsource_known | Checks if a rule has a known logsource. |
sigmahq_noasterixofselection_condition | Checks for use of '1/all of ' without an asterisk |
sigmahq_ofselection_condition | Checks for use of 'All/X of ' with only one selection |
sigmahq_ofthem_condition | Checks for use of ' of them' with only one selection |
sigmahq_sigmac | Checks if a rule uses a selection name that breaks sigmac. |
sigmahq_space_fieldname | Checks if a field name has a space. |
sigmahq_status_deprecated | Checks if a rule has a status DEPRECATED. |
sigmahq_status_existence | Checks if a rule has a status. |
sigmahq_status_unsupported | Checks if a rule has a status UNSUPPORTED. |
sigmahq_title_case | Checks if the rule title uses capitalization. |
sigmahq_title_end | Checks if the rule title ends with a dot (.). |
sigmahq_title_length | Checks if the rule has a title that is too long. |
sigmahq_title_start | Checks if the rule title starts with Detects. |
Data
All the data values are in config.py.
Maintainer
This pipeline is currently maintained by:
Hashes for pysigma_validators_sigmahq-0.7.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 974d4de8a75ae883511e5e12fb6452babc8abfd3f6bff26fb68dd1e55b90c83f |
MD5 | 35a44f57ce9f49cc4de942cf34c113ee |
BLAKE2b-256 | ed5b715931650d01239dfe732239273664fd590be738a63840986c1f33ae23e0 |
Hashes for pysigma_validators_sigmahq-0.7.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 3f06f7659e4b33f4186e62124a3ff93dac455ad1a04bee00807d521062af6a5b |
MD5 | ee110214163103ae7f8a385a8a425c61 |
BLAKE2b-256 | 08b2085a4e70c77e8efb9ab16c6dde825e2ecd27be4d7eaaafbd53b4dc2e3ea7 |