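#!/bin/bash
# Smoke test for the hunting CLI: exercises each subcommand once against the
# hunt files in a detection-rules checkout.
#
# Environment overrides (the defaults are the values the script originally
# hard-coded, so running it with no environment set behaves as before):
#   VENV_PATH             - virtual environment to activate
#   DETECTION_RULES_ROOT  - checkout whose hunting/ tree supplies the TOML files
#
# Exits non-zero on the first failing subcommand so a broken CLI is not masked
# by the later steps still printing their banners. `-u` is deliberately not set
# before activation: venv activate scripts are not always clean under `set -u`.
set -eo pipefail

# Path to the virtual environment
VENV_PATH="${VENV_PATH:-./env/detection-rules-build}"
# Checkout root; the TOML paths below are resolved relative to it
DETECTION_RULES_ROOT="${DETECTION_RULES_ROOT:-/Users/tdejesus/code/src/detection-rules}"
HUNTING_DIR="$DETECTION_RULES_ROOT/hunting"

# Activate the virtual environment. Without this check a missing venv would
# silently fall through to whichever `python` happens to be on PATH.
if [[ ! -f "$VENV_PATH/bin/activate" ]]; then
  echo "virtual environment not found at $VENV_PATH" >&2
  exit 1
fi
# shellcheck source=/dev/null
source "$VENV_PATH/bin/activate"

echo "Running hunting CLI tests..."

echo "Searching: Search for T1078.004 subtechnique in AWS data source"
python -m hunting search --sub-technique T1078.004 --data-source aws

echo "Refreshing index"
python -m hunting refresh-index

echo "Generating Markdown: initial_access_higher_than_average_failed_authentication.toml"
python -m hunting generate-markdown "$HUNTING_DIR/okta/queries/initial_access_higher_than_average_failed_authentication.toml"

echo "Running Query: low_volume_external_network_connections_from_process.toml"
echo "Requires .detection-rules-cfg.json credentials file set."
python -m hunting run-query --file-path "$HUNTING_DIR/linux/queries/low_volume_external_network_connections_from_process.toml" --all

echo "Viewing Hunt: 12526f14-5e35-4f5f-884c-96c6a353a544"
python -m hunting view-hunt --uuid 12526f14-5e35-4f5f-884c-96c6a353a544 --format json

# One summary per supported breakdown dimension
for breakdown in integration platform language; do
  echo "Generating summary of hunts by $breakdown"
  python -m hunting hunt-summary --breakdown "$breakdown"
done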