Metadata-Version: 2.1
Name: pySigma-validators-sigmahq
Version: 0.7.0
Summary: pySigma SigmaHQ validators
Home-page: https://github.com/SigmaHQ/pySigma_validators_sigmaHQ
License: LGPL-2.1-only
Author: François Hubaut
Author-email: frack113@users.noreply.github.com
Requires-Python: >=3.8,<4.0
Classifier: License :: OSI Approved
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Dist: pysigma (>=0.11,<0.12)
Project-URL: Repository, https://github.com/SigmaHQ/pySigma_validators_sigmaHQ
Description-Content-Type: text/markdown

# pySigma_validators_sigmaHQ
![Tests](https://github.com/SigmaHQ/pySigma-validators-sigmaHQ/actions/workflows/test.yml/badge.svg)
![Coverage Badge](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/frack113/b27ee1cbe964fb1a299cc20c3403f8c8/raw/pySigma-validators-sigmaHQ.json)
![Status](https://img.shields.io/badge/Status-pre--release-orange)

# Purpose

Create all validators specific to the requirements of the SigmaHQ rules repository.

# Validators

| Name | Description|
| --- | ---|
| sigmahq_categorie_eventid              | Checks if rule uses EventID with a Windows category that     |
| sigmahq_date_existence                 | Checks if rule has a date.                                   |
| sigmahq_description_existence          | Checks if rule has a description.                            |
| sigmahq_description_length             | Checks if rule has a description.                            |
| sigmahq_falsepositives_banned_word     | Checks if rule falsepositive starts with a banned word.      |
| sigmahq_falsepositives_capital         | Checks if rule falsepositive starts with a capital.          |
| sigmahq_falsepositives_typo_word       | Checks if rule falsepositive starts with a common typo.      |
| sigmahq_field_duplicate_value          | Checks for unique values in field list.                      |
| sigmahq_field_user                     | Checks if a User field uses a localized name.                |
| sigmahq_field_with_space               | Checks that field does not have a space.                     |
| sigmahq_fieldname_cast                 | Checks if field name has a cast error.                       |
| sigmahq_filename                       | Checks if rule filename matches SigmaHQ standard.            |
| sigmahq_filename_prefix                | Checks if rule filename matches SigmaHQ prefix standard.     |
| sigmahq_invalid_all_modifier           | Checks if All modifier is used with a single value.          |
| sigmahq_invalid_field_source           | Checks if field Source is used with Eventlog.                |
| sigmahq_invalid_fieldname              | Checks if field name does not exist in the logsource.        |
| sigmahq_level_existence                | Checks if rule has a level.                                  |
| sigmahq_link_description               | Checks if rule description uses a link instead of references. |
| sigmahq_logsource_known                | Checks if rule has a known logsource.                        |
| sigmahq_noasterixofselection_condition | Checks use of '1/all of ' without asterisk.                  |
| sigmahq_ofselection_condition          | Checks use of 'All/X of ' with only one selection.           |
| sigmahq_ofthem_condition               | Checks use of ' of them' with only one selection.            |
| sigmahq_sigmac                         | Checks if rule uses a selection name that breaks sigmac.     |
| sigmahq_space_fieldname                | Checks if field name has a space.                            |
| sigmahq_status_deprecated              | Checks if rule has a status DEPRECATED.                      |
| sigmahq_status_existence               | Checks if rule has a status.                                 |
| sigmahq_status_unsupported             | Checks if rule has a status UNSUPPORTED.                     |
| sigmahq_title_case                     | Checks if rule title uses capitalization.                    |
| sigmahq_title_end                      | Checks if rule title ends with a dot (.).                    |
| sigmahq_title_length                   | Checks if rule title is too long.                            |
| sigmahq_title_start                    | Checks if rule title starts with Detects.                    |


# Data

All data values are in config.py.

# Maintainer

This pipeline is currently maintained by:
* [François Hubaut](https://github.com/frack113)

