Add more validators (#7)
* build: 📦 Fix url in pyproject

* feat: ✨ Add SigmahqFieldWithSpaceValidator

* feat: ✨ Add OfthemConditionValidator

* fix: 🐛 Fix SigmahqOfthemConditionValidator

* fix: 🐛 Fix unbound field error

* feat: ✨ Add SigmahqOfselectionConditionValidator

* feat: ✨ Add SigmahqNoasterixofselectionConditionValidator

* build: 📦 Update to 0.6.0
frack113 authored May 22, 2024
1 parent 411e945 commit 4b9162f
Showing 7 changed files with 427 additions and 83 deletions.
55 changes: 30 additions & 25 deletions README.md
Expand Up @@ -11,31 +11,36 @@ Create all validators specific to the requirements of the SigmaHQ rules reposito

| Name | Description|
| --- | ---|
| sigmahq_date_existence | Checks if rule has a data. |
| sigmahq_description_existence | Checks if rule has a description. |
| sigmahq_description_length | Checks if rule has a description. |
| sigmahq_falsepositives_banned_word | Checks if rule falsepositive start with a banned word. |
| sigmahq_falsepositives_capital | Checks if rule falsepositive start with a capital. |
| sigmahq_falsepositives_typo_word | Checks if rule falsepositive start with a common typo error. |
| sigmahq_field_duplicate_value | Check uniques value in field list. |
| sigmahq_fieldname_cast | Check field name have a cast error. |
| sigmahq_filename | Check rule filename match SigmaHQ standard. |
| sigmahq_filename_prefix | Check rule filename match SigmaHQ prefix standard. |
| sigmahq_invalid_all_modifier | Check All modifier used with a single value. |
| sigmahq_invalid_field_source | Check field Source use with Eventlog. |
| sigmahq_invalid_fieldname | Check field name do not exist in the logsource. |
| sigmahq_level_existence | Checks if rule has a level. |
| sigmahq_link_description | Checks if rule description use a link instead of references. |
| sigmahq_logsource_coherent | Checks if rule has Coherent logsource. |
| sigmahq_logsource_known | Checks if rule has known logsource. |
| sigmahq_space_fieldname | Check field name have a space. |
| sigmahq_status_deprecated | Checks if rule has a status DEPRECATED. |
| sigmahq_status_existence | Checks if rule has a status. |
| sigmahq_status_unsupported | Checks if rule has a status UNSUPPORTED. |
| sigmahq_title_case | Checks if rule title use capitalization. |
| sigmahq_title_end | Checks if rule title end with a dot(.). |
| sigmahq_title_length | Checks if rule has a title too long. |
| sigmahq_title_start | Checks if rule title start with Detects. |
| sigmahq_date_existence | Checks if rule has a data. |
| sigmahq_description_existence | Checks if rule has a description. |
| sigmahq_description_length | Checks if rule has a description. |
| sigmahq_falsepositives_banned_word | Checks if rule falsepositive start with a banned word. |
| sigmahq_falsepositives_capital | Checks if rule falsepositive start with a capital. |
| sigmahq_falsepositives_typo_word | Checks if rule falsepositive start with a common typo error. |
| sigmahq_field_duplicate_value | Check uniques value in field list. |
| sigmahq_field_with_space | Check field do not have a space. |
| sigmahq_fieldname_cast | Check field name have a cast error. |
| sigmahq_filename | Check rule filename match SigmaHQ standard. |
| sigmahq_filename_prefix | Check rule filename match SigmaHQ prefix standard. |
| sigmahq_invalid_all_modifier | Check All modifier used with a single value. |
| sigmahq_invalid_field_source | Check field Source use with Eventlog. |
| sigmahq_invalid_fieldname | Check field name do not exist in the logsource. |
| sigmahq_level_existence | Checks if rule has a level. |
| sigmahq_link_description | Checks if rule description use a link instead of references. |
| sigmahq_logsource_coherent | Checks if rule has Coherent logsource. |
| sigmahq_logsource_known | Checks if rule has known logsource. |
| sigmahq_noasterixofselection_condition | Check use '1/all of ' without asterix |
| sigmahq_ofselection_condition | Check use 'all/X of ' with only one selection |
| sigmahq_ofthem_condition | Check use ' of them' with only one selection |
| sigmahq_space_fieldname | Check field name have a space. |
| sigmahq_status_deprecated | Checks if rule has a status DEPRECATED. |
| sigmahq_status_existence | Checks if rule has a status. |
| sigmahq_status_unsupported | Checks if rule has a status UNSUPPORTED. |
| sigmahq_title_case | Checks if rule title use capitalization. |
| sigmahq_title_end | Checks if rule title end with a dot(.). |
| sigmahq_title_length | Checks if rule has a title too long. |
| sigmahq_title_start | Checks if rule title start with Detects. |


# Data
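
Review bot: The four new table rows do not tell a rule author what gets flagged, and two of them are hard to tell apart from existing entries. `sigmahq_field_with_space` ("Check field do not have a space.") reads almost the same as the existing `sigmahq_space_fieldname` ("Check field name have a space."), so please state what each one inspects. The three condition rows (`sigmahq_noasterixofselection_condition`, `sigmahq_ofselection_condition`, `sigmahq_ofthem_condition`) leave a gap inside the quotes (`'1/all of '`, `'all/X of '`) where a selection pattern seems to be missing, drop the trailing period that every other row has, and spell "asterisk" as "asterix". Fix the spelling in the description, and if the validator identifier can still change before 0.6.0 is published, fix it there too. Separately, the file header shows 30 additions and 25 deletions for a table that gains five rows, so every existing row was rewritten; if that is only column padding, consider splitting it out so the functional README change is easier to review. While these rows are being touched, `sigmahq_date_existence` says "has a data" and `sigmahq_description_length` repeats the description of `sigmahq_description_existence`.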
