Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple Updates - Migration to v2 Specification - First Batch #14

Merged
merged 17 commits into from
Aug 10, 2024
Merged

Multiple Updates - Migration to v2 Specification - First Batch #14

merged 17 commits into from
Aug 10, 2024

Conversation

frack113
Copy link
Member

@frack113 frack113 commented Aug 9, 2024
edited by nasbench
Loading

for V1.0.0 #11

  • Remove old sigmac validator
  • Fix multiple typos
  • Rework Deprecated or Unsupported status field Validator
  • Remove SigmahqInvalidFieldSourceValidator
  • Fix SigmahqFalsepositivesTypoWordValidator and SigmahqFalsepositivesBannedWordValidator validators

Add:

  • SigmahqSysmonMissingEventidIssue
  • SigmahqUnknownFieldValidator

@frack113 frack113 marked this pull request as ready for review August 9, 2024 07:00
@frack113 frack113 requested a review from nasbench August 9, 2024 07:01
@nasbench nasbench mentioned this pull request Aug 9, 2024
Closed
@frack113 frack113 changed the title Small Clean Version 0.8.0 to migrate to V2 specification Aug 9, 2024
@nasbench
Copy link
Member

nasbench commented Aug 9, 2024

Still a work in progress for some validators. Will look at them tomorrow.

In the meantime can you tell me why the SigmahqFalsepositivesBannedWordValidator and SigmahqFalsepositivesTypoWordValidatorlooks only at the first word?

  • the SigmahqFalsepositivesTypoWordValidator should be applied to the whole string split
  • the SigmahqFalsepositivesBannedWordValidator should be applied only to single word FPs

I can fix them, but i'm just double checking in case i'm missing something.

Also what is the case for SigmahqInvalidFieldSourceValidator validator?

@nasbench nasbench added the work in progress Work is on progress label Aug 9, 2024
@frack113
Copy link
Member Author

frack113 commented Aug 10, 2024
edited
Loading

SigmahqFalsepositivesBannedWordIssue : https://github.com/SigmaHQ/sigma/blob/8ff9cd8d20ffa6f653fa56ccd6c6b655c88506e0/tests/test_rules.py#L427
I guess, I thought the word would always be the first. 👴🏻

SigmahqInvalidFieldSourceValidator : https://github.com/SigmaHQ/sigma/blob/8ff9cd8d20ffa6f653fa56ccd6c6b655c88506e0/tests/test_rules.py#L298

I have try to make 1=1 with test_rules.py for the version "v0.x" .
Some test may be remove, like sigmac one, now.

@nasbench
Copy link
Member

I will remove the SigmahqInvalidFieldSourceValidator (i think we don't need it anymore) test and rework the banned fp keyword

@nasbench nasbench removed the work in progress Work is on progress label Aug 10, 2024
@nasbench nasbench changed the title Version 0.8.0 to migrate to V2 specification Multiple Updates - Migration to v2 Specification - First Batch Aug 10, 2024
@nasbench nasbench merged commit 2122060 into SigmaHQ:main Aug 10, 2024
12 checks passed
@frack113 frack113 deleted the clean branch August 11, 2024 16:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nasbench nasbench nasbench approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@frack113 @nasbench