pySigma SigmaHQ validators
Project description
pySigma_validators_sigmaHQ
Purpose
Create all validators specific to the requirements of the SigmaHQ rules repository
Validators
| Name | Description |
|---|---|
| sigmahq_categorie_eventid | Checks if rule use Eventid with a windows category that |
| sigmahq_date_existence | Checks if rule has a data. |
| sigmahq_description_existence | Checks if rule has a description. |
| sigmahq_description_length | Checks if rule has a description. |
| sigmahq_falsepositives_banned_word | Checks if rule falsepositive start with a banned word. |
| sigmahq_falsepositives_capital | Checks if rule falsepositive start with a capital. |
| sigmahq_falsepositives_typo_word | Checks if rule falsepositive start with a common typo error. |
| sigmahq_field_duplicate_value | Check uniques value in field list. |
| sigmahq_field_user | Check a User field use a localized name. |
| sigmahq_field_with_space | Check field do not have a space. |
| sigmahq_fieldname_cast | Check field name have a cast error. |
| sigmahq_filename | Check rule filename match SigmaHQ standard. |
| sigmahq_filename_prefix | Check rule filename match SigmaHQ prefix standard. |
| sigmahq_invalid_all_modifier | Check All modifier used with a single value. |
| sigmahq_invalid_field_source | Check field Source use with Eventlog. |
| sigmahq_invalid_fieldname | Check field name do not exist in the logsource. |
| sigmahq_level_existence | Checks if rule has a level. |
| sigmahq_link_description | Checks if rule description use a link instead of references. |
| sigmahq_logsource_known | Checks if rule has known logsource. |
| sigmahq_noasterixofselection_condition | Check use '1/all of ' without asterix |
| sigmahq_ofselection_condition | Check use 'All/X of ' with only one selection |
| sigmahq_ofthem_condition | Check use ' of them' with only one selection |
| sigmahq_sigmac | Checks if rule use a selection name that break sigmac. |
| sigmahq_space_fieldname | Check field name have a space. |
| sigmahq_status_deprecated | Checks if rule has a status DEPRECATED. |
| sigmahq_status_existence | Checks if rule has a status. |
| sigmahq_status_unsupported | Checks if rule has a status UNSUPPORTED. |
| sigmahq_title_case | Checks if rule title use capitalization. |
| sigmahq_title_end | Checks if rule title end with a dot(.). |
| sigmahq_title_length | Checks if rule has a title too long. |
| sigmahq_title_start | Checks if rule title start with Detects. |
Data
All the data value are in the config.py
Maintainer
This pipelines is currently maintained by:
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file pysigma_validators_sigmahq-0.7.1.tar.gz.
File metadata
- Download URL: pysigma_validators_sigmahq-0.7.1.tar.gz
- Upload date:
- Size: 23.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 75332715a9935aaa48d1133f0dbe52498f14f134af95fda18cedbe4bac179c60 |
|
| MD5 | 71f5a4c991dd8bbf20c1582be2a07c28 |
|
| BLAKE2b-256 | 12035e1fbe5c05376352cf56a6e03884ec0d637a78e902b855556f412f0507db |
File details
Details for the file pysigma_validators_sigmahq-0.7.1-py3-none-any.whl.
File metadata
- Download URL: pysigma_validators_sigmahq-0.7.1-py3-none-any.whl
- Upload date:
- Size: 26.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 4206e921ee56fa1c2722d51fc0021380ab658280e76e047b7949e8b99083e4c5 |
|
| MD5 | 64eb414ba1b187377307e7d03dc522a4 |
|
| BLAKE2b-256 | e3d474d5337ca803ebc1a7dad3dd72b2196dc3e3f18ddf40f04dc4abfa91a8ae |
