├── .git-blame-ignore-revs ├── .gitattributes ├── .github ├── FUNDING.yml ├── copilot-instructions.md ├── instructions │ ├── docs.md │ ├── sigma.md │ └── tests.md └── workflows │ ├── release.yml │ └── test.yml ├── .gitignore ├── .pre-commit-config.yaml ├── .readthedocs.yaml ├── LICENSE ├── README.md ├── docs ├── Backends.rst ├── Breaking_Changes.rst ├── Makefile ├── Plugin_System.rst ├── Processing_Pipelines.rst ├── Rule_Validation.rst ├── Sigma_Rules.rst ├── conf.py ├── images │ ├── conversion.png │ └── pipelines.png ├── index.rst └── make.bat ├── mypy.ini ├── poetry.lock ├── print-coverage.py ├── pyproject.toml ├── sigma ├── backends │ └── test │ │ ├── __init__.py │ │ └── backend.py ├── collection.py ├── conditions.py ├── conversion │ ├── __init__.py │ ├── base.py │ ├── deferred.py │ └── state.py ├── correlations.py ├── data │ ├── mitre_attack.py │ └── mitre_d3fend.py ├── exceptions.py ├── filters.py ├── modifiers.py ├── pipelines │ ├── base.py │ ├── common.py │ └── test │ │ ├── __init__.py │ │ └── pipeline.py ├── plugins.py ├── processing │ ├── __init__.py │ ├── condition_expressions.py │ ├── conditions │ │ ├── __init__.py │ │ ├── base.py │ │ ├── fields.py │ │ ├── rule.py │ │ ├── state.py │ │ └── values.py │ ├── finalization.py │ ├── pipeline.py │ ├── postprocessing.py │ ├── resolver.py │ ├── templates.py │ ├── tracking.py │ └── transformations │ │ ├── __init__.py │ │ ├── base.py │ │ ├── condition.py │ │ ├── detection_item.py │ │ ├── failure.py │ │ ├── fields.py │ │ ├── meta.py │ │ ├── placeholder.py │ │ ├── rule.py │ │ ├── state.py │ │ └── values.py ├── py.typed ├── rule │ ├── __init__.py │ ├── attributes.py │ ├── base.py │ ├── detection.py │ ├── logsource.py │ └── rule.py ├── types.py ├── validation.py └── validators │ ├── base.py │ └── core │ ├── __init__.py │ ├── condition.py │ ├── logsources.py │ ├── metadata.py │ ├── modifiers.py │ ├── tags.py │ └── values.py └── tests ├── __init__.py ├── conftest.py ├── files ├── correlation_rule_valid │ └── correlation_rule.yml ├── filter_valid │ └── filter_out_domain_controllers.yml ├── finalize.j2 ├── invalid_template_vars.py ├── pipeline.yml ├── pipelines │ ├── pipeline-1.yml │ └── pipeline-2.yml ├── rule_filename_errors │ └── Name.yml ├── rule_valid │ └── win_codeintegrity_unsigned_driver_loaded.yml ├── ruleset │ ├── somethingelse.txt │ ├── subdirectory │ │ └── test_rule_2.yml │ └── test_rule.yml ├── ruleset_duplicate │ ├── sub1 │ │ └── test_rule.yml │ └── sub2 │ │ └── test_rule.yml ├── ruleset_nonduplicate │ └── multiple_rules.yml ├── ruleset_with_errors │ └── test_rule_with_error.yml └── template_vars.py ├── test_backend_identifier.py ├── test_collection.py ├── test_conditions.py ├── test_conversion_base.py ├── test_conversion_correlations.py ├── test_conversion_deferred.py ├── test_conversion_state.py ├── test_convert_rule.py ├── test_correlations.py ├── test_exceptions.py ├── test_filters.py ├── test_finalization_tranformations.py ├── test_modifiers.py ├── test_pipelines_common.py ├── test_plugins.py ├── test_postprocessing_transformations.py ├── test_processing_conditions.py ├── test_processing_pipeline.py ├── test_processing_pipeline_condition_expressions.py ├── test_processing_resolver.py ├── test_processing_tracking.py ├── test_processing_transformations.py ├── test_rule.py ├── test_types.py ├── test_validation.py ├── test_validators.py ├── test_validators_condition.py ├── test_validators_logsource.py ├── test_validators_metadata.py ├── test_validators_modifiers.py └── test_validators_tags.py /.git-blame-ignore-revs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/.git-blame-ignore-revs -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto 2 | 3 | poetry.lock linguist-generated=true 4 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/.github/FUNDING.yml -------------------------------------------------------------------------------- /.github/copilot-instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/.github/copilot-instructions.md -------------------------------------------------------------------------------- /.github/instructions/docs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/.github/instructions/docs.md -------------------------------------------------------------------------------- /.github/instructions/sigma.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/.github/instructions/sigma.md -------------------------------------------------------------------------------- /.github/instructions/tests.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/.github/instructions/tests.md -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/.github/workflows/release.yml -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/.github/workflows/test.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/.gitignore -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/.pre-commit-config.yaml -------------------------------------------------------------------------------- /.readthedocs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/.readthedocs.yaml -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/README.md -------------------------------------------------------------------------------- /docs/Backends.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/docs/Backends.rst -------------------------------------------------------------------------------- /docs/Breaking_Changes.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/docs/Breaking_Changes.rst -------------------------------------------------------------------------------- /docs/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/docs/Makefile -------------------------------------------------------------------------------- /docs/Plugin_System.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/docs/Plugin_System.rst -------------------------------------------------------------------------------- /docs/Processing_Pipelines.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/docs/Processing_Pipelines.rst -------------------------------------------------------------------------------- /docs/Rule_Validation.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/docs/Rule_Validation.rst -------------------------------------------------------------------------------- /docs/Sigma_Rules.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/docs/Sigma_Rules.rst -------------------------------------------------------------------------------- /docs/conf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/docs/conf.py -------------------------------------------------------------------------------- /docs/images/conversion.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/docs/images/conversion.png -------------------------------------------------------------------------------- /docs/images/pipelines.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/docs/images/pipelines.png -------------------------------------------------------------------------------- /docs/index.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/docs/index.rst -------------------------------------------------------------------------------- /docs/make.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/docs/make.bat -------------------------------------------------------------------------------- /mypy.ini: -------------------------------------------------------------------------------- 1 | [mypy] 2 | packages = sigma 3 | strict = True -------------------------------------------------------------------------------- /poetry.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/poetry.lock -------------------------------------------------------------------------------- /print-coverage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/print-coverage.py -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/pyproject.toml -------------------------------------------------------------------------------- /sigma/backends/test/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/backends/test/__init__.py -------------------------------------------------------------------------------- /sigma/backends/test/backend.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/backends/test/backend.py -------------------------------------------------------------------------------- /sigma/collection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/collection.py -------------------------------------------------------------------------------- /sigma/conditions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/conditions.py -------------------------------------------------------------------------------- /sigma/conversion/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /sigma/conversion/base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/conversion/base.py -------------------------------------------------------------------------------- /sigma/conversion/deferred.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/conversion/deferred.py -------------------------------------------------------------------------------- /sigma/conversion/state.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/conversion/state.py -------------------------------------------------------------------------------- /sigma/correlations.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/correlations.py -------------------------------------------------------------------------------- /sigma/data/mitre_attack.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/data/mitre_attack.py -------------------------------------------------------------------------------- /sigma/data/mitre_d3fend.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/data/mitre_d3fend.py -------------------------------------------------------------------------------- /sigma/exceptions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/exceptions.py -------------------------------------------------------------------------------- /sigma/filters.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/filters.py -------------------------------------------------------------------------------- /sigma/modifiers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/modifiers.py -------------------------------------------------------------------------------- /sigma/pipelines/base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/pipelines/base.py -------------------------------------------------------------------------------- /sigma/pipelines/common.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/pipelines/common.py -------------------------------------------------------------------------------- /sigma/pipelines/test/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/pipelines/test/__init__.py -------------------------------------------------------------------------------- /sigma/pipelines/test/pipeline.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/pipelines/test/pipeline.py -------------------------------------------------------------------------------- /sigma/plugins.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/plugins.py -------------------------------------------------------------------------------- /sigma/processing/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /sigma/processing/condition_expressions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/condition_expressions.py -------------------------------------------------------------------------------- /sigma/processing/conditions/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/conditions/__init__.py -------------------------------------------------------------------------------- /sigma/processing/conditions/base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/conditions/base.py -------------------------------------------------------------------------------- /sigma/processing/conditions/fields.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/conditions/fields.py -------------------------------------------------------------------------------- /sigma/processing/conditions/rule.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/conditions/rule.py -------------------------------------------------------------------------------- /sigma/processing/conditions/state.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/conditions/state.py -------------------------------------------------------------------------------- /sigma/processing/conditions/values.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/conditions/values.py -------------------------------------------------------------------------------- /sigma/processing/finalization.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/finalization.py -------------------------------------------------------------------------------- /sigma/processing/pipeline.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/pipeline.py -------------------------------------------------------------------------------- /sigma/processing/postprocessing.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/postprocessing.py -------------------------------------------------------------------------------- /sigma/processing/resolver.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/resolver.py -------------------------------------------------------------------------------- /sigma/processing/templates.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/templates.py -------------------------------------------------------------------------------- /sigma/processing/tracking.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/tracking.py -------------------------------------------------------------------------------- /sigma/processing/transformations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/transformations/__init__.py -------------------------------------------------------------------------------- /sigma/processing/transformations/base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/transformations/base.py -------------------------------------------------------------------------------- /sigma/processing/transformations/condition.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/transformations/condition.py -------------------------------------------------------------------------------- /sigma/processing/transformations/detection_item.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/transformations/detection_item.py -------------------------------------------------------------------------------- /sigma/processing/transformations/failure.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/transformations/failure.py -------------------------------------------------------------------------------- /sigma/processing/transformations/fields.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/transformations/fields.py -------------------------------------------------------------------------------- /sigma/processing/transformations/meta.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/transformations/meta.py -------------------------------------------------------------------------------- /sigma/processing/transformations/placeholder.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/transformations/placeholder.py -------------------------------------------------------------------------------- /sigma/processing/transformations/rule.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/transformations/rule.py -------------------------------------------------------------------------------- /sigma/processing/transformations/state.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/transformations/state.py -------------------------------------------------------------------------------- /sigma/processing/transformations/values.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/processing/transformations/values.py -------------------------------------------------------------------------------- /sigma/py.typed: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /sigma/rule/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/rule/__init__.py -------------------------------------------------------------------------------- /sigma/rule/attributes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/rule/attributes.py -------------------------------------------------------------------------------- /sigma/rule/base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/rule/base.py -------------------------------------------------------------------------------- /sigma/rule/detection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/rule/detection.py -------------------------------------------------------------------------------- /sigma/rule/logsource.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/rule/logsource.py -------------------------------------------------------------------------------- /sigma/rule/rule.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/rule/rule.py -------------------------------------------------------------------------------- /sigma/types.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/types.py -------------------------------------------------------------------------------- /sigma/validation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/validation.py -------------------------------------------------------------------------------- /sigma/validators/base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/validators/base.py -------------------------------------------------------------------------------- /sigma/validators/core/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/validators/core/__init__.py -------------------------------------------------------------------------------- /sigma/validators/core/condition.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/validators/core/condition.py -------------------------------------------------------------------------------- /sigma/validators/core/logsources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/validators/core/logsources.py -------------------------------------------------------------------------------- /sigma/validators/core/metadata.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/validators/core/metadata.py -------------------------------------------------------------------------------- /sigma/validators/core/modifiers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/validators/core/modifiers.py -------------------------------------------------------------------------------- /sigma/validators/core/tags.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/validators/core/tags.py -------------------------------------------------------------------------------- /sigma/validators/core/values.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/sigma/validators/core/values.py -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/conftest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/conftest.py -------------------------------------------------------------------------------- /tests/files/correlation_rule_valid/correlation_rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/correlation_rule_valid/correlation_rule.yml -------------------------------------------------------------------------------- /tests/files/filter_valid/filter_out_domain_controllers.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/filter_valid/filter_out_domain_controllers.yml -------------------------------------------------------------------------------- /tests/files/finalize.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/finalize.j2 -------------------------------------------------------------------------------- /tests/files/invalid_template_vars.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/invalid_template_vars.py -------------------------------------------------------------------------------- /tests/files/pipeline.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/pipeline.yml -------------------------------------------------------------------------------- /tests/files/pipelines/pipeline-1.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/pipelines/pipeline-1.yml -------------------------------------------------------------------------------- /tests/files/pipelines/pipeline-2.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/pipelines/pipeline-2.yml -------------------------------------------------------------------------------- /tests/files/rule_filename_errors/Name.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/rule_filename_errors/Name.yml -------------------------------------------------------------------------------- /tests/files/rule_valid/win_codeintegrity_unsigned_driver_loaded.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/rule_valid/win_codeintegrity_unsigned_driver_loaded.yml -------------------------------------------------------------------------------- /tests/files/ruleset/somethingelse.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/ruleset/somethingelse.txt -------------------------------------------------------------------------------- /tests/files/ruleset/subdirectory/test_rule_2.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/ruleset/subdirectory/test_rule_2.yml -------------------------------------------------------------------------------- /tests/files/ruleset/test_rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/ruleset/test_rule.yml -------------------------------------------------------------------------------- /tests/files/ruleset_duplicate/sub1/test_rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/ruleset_duplicate/sub1/test_rule.yml -------------------------------------------------------------------------------- /tests/files/ruleset_duplicate/sub2/test_rule.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/ruleset_duplicate/sub2/test_rule.yml -------------------------------------------------------------------------------- /tests/files/ruleset_nonduplicate/multiple_rules.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/ruleset_nonduplicate/multiple_rules.yml -------------------------------------------------------------------------------- /tests/files/ruleset_with_errors/test_rule_with_error.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/ruleset_with_errors/test_rule_with_error.yml -------------------------------------------------------------------------------- /tests/files/template_vars.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/files/template_vars.py -------------------------------------------------------------------------------- /tests/test_backend_identifier.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_backend_identifier.py -------------------------------------------------------------------------------- /tests/test_collection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_collection.py -------------------------------------------------------------------------------- /tests/test_conditions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_conditions.py -------------------------------------------------------------------------------- /tests/test_conversion_base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_conversion_base.py -------------------------------------------------------------------------------- /tests/test_conversion_correlations.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_conversion_correlations.py -------------------------------------------------------------------------------- /tests/test_conversion_deferred.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_conversion_deferred.py -------------------------------------------------------------------------------- /tests/test_conversion_state.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_conversion_state.py -------------------------------------------------------------------------------- /tests/test_convert_rule.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_convert_rule.py -------------------------------------------------------------------------------- /tests/test_correlations.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_correlations.py -------------------------------------------------------------------------------- /tests/test_exceptions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_exceptions.py -------------------------------------------------------------------------------- /tests/test_filters.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_filters.py -------------------------------------------------------------------------------- /tests/test_finalization_tranformations.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_finalization_tranformations.py -------------------------------------------------------------------------------- /tests/test_modifiers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_modifiers.py -------------------------------------------------------------------------------- /tests/test_pipelines_common.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_pipelines_common.py -------------------------------------------------------------------------------- /tests/test_plugins.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_plugins.py -------------------------------------------------------------------------------- /tests/test_postprocessing_transformations.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_postprocessing_transformations.py -------------------------------------------------------------------------------- /tests/test_processing_conditions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_processing_conditions.py -------------------------------------------------------------------------------- /tests/test_processing_pipeline.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_processing_pipeline.py -------------------------------------------------------------------------------- /tests/test_processing_pipeline_condition_expressions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_processing_pipeline_condition_expressions.py -------------------------------------------------------------------------------- /tests/test_processing_resolver.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_processing_resolver.py -------------------------------------------------------------------------------- /tests/test_processing_tracking.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_processing_tracking.py -------------------------------------------------------------------------------- /tests/test_processing_transformations.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_processing_transformations.py -------------------------------------------------------------------------------- /tests/test_rule.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_rule.py -------------------------------------------------------------------------------- /tests/test_types.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_types.py -------------------------------------------------------------------------------- /tests/test_validation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_validation.py -------------------------------------------------------------------------------- /tests/test_validators.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_validators.py -------------------------------------------------------------------------------- /tests/test_validators_condition.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_validators_condition.py -------------------------------------------------------------------------------- /tests/test_validators_logsource.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_validators_logsource.py -------------------------------------------------------------------------------- /tests/test_validators_metadata.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_validators_metadata.py -------------------------------------------------------------------------------- /tests/test_validators_modifiers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_validators_modifiers.py -------------------------------------------------------------------------------- /tests/test_validators_tags.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SigmaHQ/pySigma/HEAD/tests/test_validators_tags.py --------------------------------------------------------------------------------