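/// <summary>
        /// Checks that every file under the detections folder is a .yaml template, apart from
        /// the single allowed non-YAML file (the readme.md).
        /// </summary>
        /// <remarks>
        /// A file saved under any other extension is not returned by a "*.yaml" enumeration, so this
        /// check is what notices a template that such an enumeration would otherwise miss.
        /// NOTE(review): the pass condition is a pure count. It cannot tell the readme apart from any
        /// other single non-YAML file, so a missing readme plus one stray file still passes. The
        /// failure message lists the offending files to make such cases easier to spot.
        /// </remarks>
        public void Validate_DetectionTemplates_AllFilesAreYamls()
        {
            string detectionRoot = DetectionsYamlFilesTestData.GetDetectionPath();
            var yamlFiles = Directory.GetFiles(detectionRoot, "*.yaml", SearchOption.AllDirectories).ToList();
            var allFiles = Directory.GetFiles(detectionRoot, "*", SearchOption.AllDirectories).ToList();
            var numberOfNotYamlFiles = 1; // This is the readme.md file in the directory

            // Only used for diagnostics: the pass/fail decision below is still the original count comparison.
            var notYamlFiles = string.Join(", ", allFiles.Except(yamlFiles));

            Assert.True(
                allFiles.Count == yamlFiles.Count + numberOfNotYamlFiles,
                "All the files in detections folder are supposed to end with .yaml. Files without a .yaml extension: " + notYamlFiles);
        }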
        /// <summary>
        /// Type initializer: reads the skip-list JSON file from the skip-templates folder and
        /// deserializes it into <c>WhiteListTemplates</c>.
        /// </summary>
        /// <remarks>
        /// Any I/O or JSON error thrown here surfaces as a type-initialization failure on first use.
        /// NOTE(review): judging by the names, entries in this file exempt templates from validation,
        /// so changes to the JSON deserve the same review as changes to the validators - confirm.
        /// </remarks>
        static TemplatesToSkipValidationReader()
        {
            string skipListPath = Path.Combine(DetectionsYamlFilesTestData.GetSkipTemplatesPath(), SKipJsonFileName);
            string skipListJson = File.ReadAllText(skipListPath);

            // No serializer settings are passed here, so JsonConvert's defaults apply.
            WhiteListTemplates = JsonConvert.DeserializeObject<IEnumerable<SkipTemplate>>(skipListJson);
        }
        /// <summary>
        /// Reads a JSON file from the skip-templates folder and deserializes it as a sequence of strings.
        /// </summary>
        /// <param name="fileName">File name, combined with the skip-templates path via <c>Path.Combine</c>.</param>
        /// <returns>The strings stored in the JSON file, as produced by <c>JsonConvert.DeserializeObject</c>.</returns>
        private static IEnumerable<string> GetTemplatesSchemaValidationsData(string fileName)
        {
            // Path.Combine returns the second argument unchanged when it is rooted,
            // so callers are expected to pass a bare file name.
            string dataFilePath = Path.Combine(DetectionsYamlFilesTestData.GetSkipTemplatesPath(), fileName);
            string dataJson = File.ReadAllText(dataFilePath);

            return JsonConvert.DeserializeObject<IEnumerable<string>>(dataJson);
        }
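        /// <summary>
        /// Checks that the detections folder and the "Analytic Rules" part of the solutions folder
        /// contain only .yaml templates, apart from the single allowed non-YAML file (the readme.md).
        /// </summary>
        /// <remarks>
        /// A file saved under any other extension is not returned by a "*.yaml" enumeration, so this
        /// check is what notices a template that such an enumeration would otherwise miss.
        /// NOTE(review): the "Analytic Rules" filter is a substring match on the whole path, so it also
        /// matches a file or folder that merely has that text in its name.
        /// NOTE(review): the pass condition is a pure count. It cannot tell the readme apart from any
        /// other single non-YAML file. The failure message lists the offending files.
        /// </remarks>
        public void Validate_DetectionTemplates_AllFilesAreYamls()
        {
            List<string> detectionPath = DetectionsYamlFilesTestData.GetDetectionPaths();

            // Index 0 is the detection folder, index 1 the solution folder (validated for "Analytic Rules" only).
            var yamlFiles = Directory.GetFiles(detectionPath[0], "*.yaml", SearchOption.AllDirectories).ToList();
            yamlFiles.AddRange(Directory.GetFiles(detectionPath[1], "*.yaml", SearchOption.AllDirectories).Where(s => s.Contains("Analytic Rules")));

            var allFiles = Directory.GetFiles(detectionPath[0], "*", SearchOption.AllDirectories).ToList();
            allFiles.AddRange(Directory.GetFiles(detectionPath[1], "*", SearchOption.AllDirectories).Where(s => s.Contains("Analytic Rules")));

            var numberOfNotYamlFiles = 1; // This is the readme.md file in the directory

            // Only used for diagnostics: the pass/fail decision below is still the original count comparison.
            var notYamlFiles = string.Join(", ", allFiles.Except(yamlFiles));

            Assert.True(
                allFiles.Count == yamlFiles.Count + numberOfNotYamlFiles,
                "All the files in detections and solution (Analytics rules) folder are supposed to end with .yaml. Files without a .yaml extension: " + notYamlFiles);
        }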
        /// <summary>
        /// Builds the loader by reading every "*.json" file directly inside the custom-tables folder
        /// and keeping each schema that <c>ReadTableSchema</c> returns as non-null.
        /// </summary>
        public CustomTablesSchemasLoader()
        {
            _tableSchemas = new List<TableSchema>();

            // Top-level files only: this GetFiles overload does not descend into sub-directories.
            string[] schemaFiles = Directory.GetFiles(DetectionsYamlFilesTestData.GetCustomTablesPath(), "*.json");
            for (int i = 0; i < schemaFiles.Length; i++)
            {
                var schema = ReadTableSchema(schemaFiles[i]);
                if (schema == null)
                {
                    // A file that yields no schema is skipped without failing the load.
                    continue;
                }

                _tableSchemas.Add(schema);
            }
        }
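        /// <summary>
        /// Checks that no two detection templates under the detections folder share the same "id".
        /// </summary>
        /// <remarks>
        /// The grouping query is materialized once; the original re-ran it (re-reading and re-parsing
        /// every template) for each Count()/Last() call. All duplicated ids are reported, and templates
        /// that lack an "id" are reported as "&lt;missing id&gt;" instead of failing with a
        /// NullReferenceException while the message is built.
        /// NOTE(review): only the file name is handed to GetYamlFileAsString; if that helper resolves
        /// files by name alone, two templates with the same name in different folders may not both be
        /// read - confirm against the helper.
        /// NOTE(review): ids are grouped by JToken equality, which appears to be case-sensitive for
        /// string values, so ids that differ only in letter case are treated as distinct - confirm.
        /// </remarks>
        public void Validate_DetectionTemplates_NoSameTemplateIdTwice()
        {
            string detectionPath = DetectionsYamlFilesTestData.GetDetectionPath();
            var yamlFiles = Directory.GetFiles(detectionPath, "*.yaml", SearchOption.AllDirectories);

            // Ids that more than one template uses.
            var duplicatedIds = yamlFiles
                .Select(yaml => GetYamlFileAsString(Path.GetFileName(yaml)))
                .Select(yaml => JObject.Parse(ConvertYamlToJson(yaml)))
                .GroupBy(template => template["id"])
                .Where(group => group.Count() > 1)
                .Select(group => group.Key == null ? "<missing id>" : group.Key.ToString())
                .ToList();

            var duplicatedId = string.Join(", ", duplicatedIds);

            Assert.True(duplicatedIds.Count == 0, $"There should not be 2 templates with the same ID, but the id {duplicatedId} is duplicated.");
        }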
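        /// <summary>
        /// Checks that no two templates across the detections folder and the "Analytic Rules" part of
        /// the solutions folder share the same "id".
        /// </summary>
        /// <remarks>
        /// The grouping query is materialized once; the original re-ran it (re-reading and re-parsing
        /// every template) for each Count()/Last() call. All duplicated ids are reported, and templates
        /// that lack an "id" are reported as "&lt;missing id&gt;" instead of failing with a
        /// NullReferenceException while the message is built.
        /// NOTE(review): both path filters are substring matches on the whole path. Every detection
        /// file whose path contains "CiscoUmbrella" is left out of this uniqueness check, so an id
        /// clash involving one of those files is not reported here.
        /// NOTE(review): only the file name is handed to GetYamlFileAsString; if that helper resolves
        /// files by name alone, two templates with the same name in the two folders may not both be
        /// read - confirm against the helper.
        /// NOTE(review): ids are grouped by JToken equality, which appears to be case-sensitive for
        /// string values, so ids that differ only in letter case are treated as distinct - confirm.
        /// </remarks>
        public void Validate_DetectionTemplates_NoSameTemplateIdTwice()
        {
            List<string> detectionPath = DetectionsYamlFilesTestData.GetDetectionPaths();

            // Removing duplicate CiscoUmbrella detections. already present in solution folder
            var yamlFiles = Directory.GetFiles(detectionPath[0], "*.yaml", SearchOption.AllDirectories)
                .Where(s => !s.Contains("CiscoUmbrella"))
                .ToList();

            // Extending it to solution folder for detection validation
            yamlFiles.AddRange(Directory.GetFiles(detectionPath[1], "*.yaml", SearchOption.AllDirectories).Where(s => s.Contains("Analytic Rules")));

            // Ids that more than one template uses.
            var duplicatedIds = yamlFiles
                .Select(yaml => GetYamlFileAsString(Path.GetFileName(yaml)))
                .Select(yaml => JObject.Parse(ConvertYamlToJson(yaml)))
                .GroupBy(template => template["id"])
                .Where(group => group.Count() > 1)
                .Select(group => group.Key == null ? "<missing id>" : group.Key.ToString())
                .ToList();

            var duplicatedId = string.Join(", ", duplicatedIds);

            Assert.True(duplicatedIds.Count == 0, $"There should not be 2 templates with the same ID, but the id {duplicatedId} is duplicated.");
        }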