Update typo
frack113 committed Aug 9, 2024
1 parent 41c88d2 commit a0ac155
Showing 2 changed files with 33 additions and 33 deletions.
62 changes: 31 additions & 31 deletions README.md
Expand Up @@ -11,37 +11,37 @@ Create all validators specific to the requirements of the SigmaHQ rules reposito

| Name | Description| severity |
| --- | --- | --- |
| sigmahq_categori_providername | Checks if a rule uses a Provider_Name field with a windows | MEDIUM |
| sigmahq_categorie_eventid | Checks if a rule uses an EventID field with a windows | MEDIUM |
| sigmahq_date_existence | Checks if rule has a data. | MEDIUM |
| sigmahq_description_existence | Checks if rule has a description. | MEDIUM |
| sigmahq_description_length | Checks if rule has a description. | MEDIUM |
| sigmahq_falsepositives_banned_word | Checks if rule falsepositive start with a banned word. | MEDIUM |
| sigmahq_falsepositives_capital | Checks if rule falsepositive start with a capital. | MEDIUM |
| sigmahq_falsepositives_typo_word | Checks if rule falsepositive start with a common typo error. | MEDIUM |
| sigmahq_field_duplicate_value | Check uniques value in field list. | HIGH |
| sigmahq_field_user | Check a User field use a localized name. | HIGH |
| sigmahq_field_with_space | Check field do not have a space. | HIGH |
| sigmahq_fieldname_cast | Check field name have a cast error. | HIGH |
| sigmahq_filename | Check rule filename match SigmaHQ standard. | MEDIUM |
| sigmahq_filename_prefix | Check rule filename match SigmaHQ prefix standard. | MEDIUM |
| sigmahq_invalid_all_modifier | Check All modifier used with a single value. | HIGH |
| sigmahq_invalid_field_source | Check field Source use with Eventlog. | HIGH |
| sigmahq_invalid_fieldname | Check field name do not exist in the logsource. | HIGH |
| sigmahq_level_existence | Checks if rule has a level. | MEDIUM |
| sigmahq_link_description | Checks if rule description use a link instead of references. | MEDIUM |
| sigmahq_logsource_known | Checks if rule has known logsource. | HIGH |
| sigmahq_noasterixofselection_condition | Check use '1/all of ' without asterix | MEDIUM |
| sigmahq_ofselection_condition | Check use 'All/X of ' with only one selection | LOW |
| sigmahq_ofthem_condition | Check use ' of them' with only one selection | LOW |
| sigmahq_space_fieldname | Check field name have a space. | HIGH |
| sigmahq_status | Checks if rule has a status DEPRECATED or UNSUPPORTED. | MEDIUM |
| sigmahq_status_existence | Checks if rule has a status. | HIGH |
| sigmahq_sysmon_missing_eventid | Checks if rule use windows sysmon service without EventID. | HIGH |
| sigmahq_title_case | Checks if rule title use capitalization. | MEDIUM |
| sigmahq_title_end | Checks if rule title end with a dot(.). | MEDIUM |
| sigmahq_title_length | Checks if rule has a title too long. | MEDIUM |
| sigmahq_title_start | Checks if rule title start with Detects. | MEDIUM |
| sigmahq_categori_providername | Checks if a rule uses a Provider_Name field with a windows | medium |
| sigmahq_categorie_eventid | Checks if a rule uses an EventID field with a windows | medium |
| sigmahq_date_existence | Checks if rule has a data. | medium |
| sigmahq_description_existence | Checks if rule has a description. | medium |
| sigmahq_description_length | Checks if rule has a description. | medium |
| sigmahq_falsepositives_banned_word | Checks if rule falsepositive start with a banned word. | medium |
| sigmahq_falsepositives_capital | Checks if rule falsepositive start with a capital. | medium |
| sigmahq_falsepositives_typo_word | Checks if rule falsepositive start with a common typo error. | medium |
| sigmahq_field_duplicate_value | Check uniques value in field list. | high |
| sigmahq_field_user | Check a User field use a localized name. | high |
| sigmahq_field_with_space | Check field do not have a space. | high |
| sigmahq_fieldname_cast | Check field name have a cast error. | high |
| sigmahq_filename | Check rule filename match SigmaHQ standard. | medium |
| sigmahq_filename_prefix | Check rule filename match SigmaHQ prefix standard. | medium |
| sigmahq_invalid_all_modifier | Check All modifier used with a single value. | high |
| sigmahq_invalid_field_source | Check field Source use with Eventlog. | high |
| sigmahq_invalid_fieldname | Check field name do not exist in the logsource. | high |
| sigmahq_level_existence | Checks if rule has a level. | medium |
| sigmahq_link_description | Checks if rule description use a link instead of references. | medium |
| sigmahq_logsource_known | Checks if rule has known logsource. | high |
| sigmahq_noasterixofselection_condition | Check use '1/all of ' without asterix | medium |
| sigmahq_ofselection_condition | Check use 'All/X of ' with only one selection | low |
| sigmahq_ofthem_condition | Check use ' of them' with only one selection | low |
| sigmahq_space_fieldname | Check field name have a space. | high |
| sigmahq_status | Checks if rule has a status field with the value Deprecated or Unsupported. | medium |
| sigmahq_status_existence | Checks if rule has a status. | high |
| sigmahq_sysmon_missing_eventid | Checks if rule use windows sysmon service without EventID. | high |
| sigmahq_title_case | Checks if rule title use capitalization. | medium |
| sigmahq_title_end | Checks if rule title end with a dot(.). | medium |
| sigmahq_title_length | Checks if rule has a title too long. | medium |
| sigmahq_title_start | Checks if rule title start with Detects. | medium |


# 🧬 Data
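
Review bot: The sigmahq_status row lists its severity as medium, but SigmahqStatusIssue in sigma/validators/sigmahq/metadata.py, touched by this same commit, declares SigmaValidationIssueSeverity.HIGH, so the README and the code disagree and one of them should be corrected. As this is a typo pass, the table also still has "Checks if rule has a data." for sigmahq_date_existence (presumably "date"), sigmahq_description_length repeats the sigmahq_description_existence text, and the first two rows stop mid-sentence at "with a windows".
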
4 changes: 2 additions & 2 deletions sigma/validators/sigmahq/metadata.py
Expand Up @@ -32,12 +32,12 @@ def validate(self, rule: SigmaRule) -> List[SigmaValidationIssue]:

@dataclass
class SigmahqStatusIssue(SigmaValidationIssue):
description: ClassVar[str] = "Rule has a status DEPRECATED or UNSUPPORTED"
description: ClassVar[str] = "Rule uses the Deprecated or Unsupported status field"
severity: ClassVar[SigmaValidationIssueSeverity] = SigmaValidationIssueSeverity.HIGH


class SigmahqStatusValidator(SigmaRuleValidator):
"""Checks if rule has a status DEPRECATED or UNSUPPORTED."""
"""Checks if rule has a status field with the value Deprecated or Unsupported."""

def validate(self, rule: SigmaRule) -> List[SigmaValidationIssue]:
if rule.status and rule.status.name in ["DEPRECATED", "UNSUPPORTED"]:
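
Review bot: The new description string on SigmahqStatusIssue, "Rule uses the Deprecated or Unsupported status field", reads as if Deprecated and Unsupported were field names, and it no longer matches the docstring on SigmahqStatusValidator. Suggest reusing the docstring wording, for example "Rule has a status field with the value Deprecated or Unsupported". Note also that validate() compares rule.status.name against "DEPRECATED" and "UNSUPPORTED", so the capitalisation used in both strings differs from what the check actually matches.
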