Added an ignore list for bad rules. (#31)
Previously, broken rules (those that referenced invalid fields) were
rejected with a warning. But there were so many rejected rules that it
was difficult to see when new rules were accidentally rejected when
syncing new rule sets.

This PR:

1. Adds an ignore list to the rules so that bad rules which are already
known no longer emit errors.
2. Uses a data dump from provider manifests to add trivial field
mappings (where the field mapping is simply the EventData field). This
helps with maintaining the field mapping for rules using this trivial
field mapping.

This should make it easier to sync new rules.
scudette authored Apr 28, 2024
1 parent 2ed7aff commit b22f5c2
Showing 11 changed files with 40,668 additions and 663 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/test.yml
Expand Up @@ -24,8 +24,8 @@ jobs:
id: velociraptor
with:
repository: velocidex/velociraptor
tag: v0.7.1
fileName: "*v0.7.1-2-linux-amd64"
tag: v0.72
fileName: "*v0.72.0-linux-amd64"
out-file-path: tests

- name: Run tests
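Review bot: the two changed lines use different version strings, `tag: v0.72` versus `fileName: "*v0.72.0-linux-amd64"`, whereas the removed pair (`v0.7.1` / `*v0.7.1-2-linux-amd64`) shared one prefix. If the velocidex/velociraptor release is actually tagged `v0.72.0`, the download step will not find the release and the following "Run tests" step will run without the binary it expects in `tests`; please confirm the exact tag name on the release page and keep the tag and asset pattern consistent so future bumps change both together. Since this step fetches an executable that the test job then runs, a short comment stating why this particular release is required would also help the next person who bumps it.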
