Currently, the tests for a detection are tests that PASS if the log is found using the provided detection's search. This is great to test that the rule matches when it's supposed to match, but it cannot test the exclusions to a rule.
Proposal: Introduce the concept of test "types": "should trigger" and "should not trigger".
The behavior is very simple:
For a should trigger test: If the detection's search finds a log, the test PASSES. Else it FAILS.
For a should not trigger test: If the detection's search finds a log, the test FAILS. Else it PASSES.
I can work on this feature and contribute it to upstream. If this is not something you want, we'll keep it in our private fork.
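The proposed semantics, as an added illustration that is not part of the issue or the project's code: a tiny harness where a detection's search is modelled as a predicate over log events, and each test carries a type. The rule, log events and field names are constructed for the example; the second run shows why a "should not trigger" test is needed, since a rule that lost its exclusion still passes every "should trigger" test.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

LogEvent = Dict[str, str]
SHOULD_TRIGGER = "should_trigger"
SHOULD_NOT_TRIGGER = "should_not_trigger"

@dataclass
class Detection:
    name: str
    search: Callable[[LogEvent], bool]  # stand-in for the rule's search query

@dataclass
class DetectionTest:
    name: str
    test_type: str        # SHOULD_TRIGGER or SHOULD_NOT_TRIGGER
    logs: List[LogEvent]  # the log sample the test feeds to the search

def run_test(detection: Detection, test: DetectionTest) -> bool:
    """Return True if the test passes under the proposed test-type semantics."""
    matched = any(detection.search(ev) for ev in test.logs)
    if test.test_type == SHOULD_TRIGGER:
        return matched       # PASS only if the search finds a log
    if test.test_type == SHOULD_NOT_TRIGGER:
        return not matched   # PASS only if the search finds nothing
    raise ValueError(f"unknown test type: {test.test_type!r}")

def run_suite(detection: Detection, tests: List[DetectionTest]) -> Dict[str, bool]:
    return {t.name: run_test(detection, t) for t in tests}

# Constructed sample rule: a web server worker process spawning whoami.exe,
# with a documented exclusion for a known-good inventory service account.
def _web_recon(ev: LogEvent) -> bool:
    return ev.get("image", "").lower() == "whoami.exe" and \
           ev.get("parent_image", "").lower() == "w3wp.exe"

def _web_recon_excluding_agent(ev: LogEvent) -> bool:
    return _web_recon(ev) and ev.get("user", "").lower() != "svc-inventory"

RULE = Detection("web_worker_spawns_whoami", _web_recon_excluding_agent)
RULE_MISSING_EXCLUSION = Detection("web_worker_spawns_whoami", _web_recon)

# Constructed sample logs: one true positive, one case the exclusion must cover.
TESTS = [
    DetectionTest("true positive", SHOULD_TRIGGER,
                  [{"image": "whoami.exe", "parent_image": "w3wp.exe", "user": "iis_apppool"}]),
    DetectionTest("inventory agent is excluded", SHOULD_NOT_TRIGGER,
                  [{"image": "whoami.exe", "parent_image": "w3wp.exe", "user": "svc-inventory"}]),
]
```

`run_suite(RULE, TESTS)` passes both tests, while `run_suite(RULE_MISSING_EXCLUSION, TESTS)` fails only the "should not trigger" one, which is exactly the regression the current PASS-on-match tests cannot catch.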