Dev autoruletester refactoring (#594)

* Refactored: custom tests, presentation overview and dry vios

* Small fix in init

* Optimized refactoring to delete rule count bug and neglect on wrong rule filter

* fixed bug: wrong handling if not the end test for group of tests for certain multirule index fails

* tests are now successfull and partially adapted to new logic

* Review ppcad done (Part 1)

* Processed ppcads review

* Added additional example tests for new target_rule_idx enforcing

* Changed doc strings where still default

* Solved last naming issues stated in review

* Rewritten lass color prints, fixed error message to simple print when no target_rule_idx and deleted unused imports

* Fixed diff print for each rule

* Fixed index out of bounds when printing out problems

* Fixed the last fix causing out of bounds and added colored diff

* Add missing requirement

* Refactor auto rule tester

* refactored to linter score 9.81/10

* fixed black

* fixed black

* fixed black

* fixed black

* fixed black

* fixed black

* Improve code quality in auto rule tester

---------

Co-authored-by: Piotr Pauksztelo <[email protected]>

Author: Malutthias

examples/exampledata/rules/labeler/generic/example_rule.yml

@@ -1,7 +1,6 @@
-filter: "test_label: execute"
+filter: 'winlog.event_data.param2: "stop"'
 labeler:
-  id: labeler-1352bc0a-53ae-4740-bb9e-1e865f63375f
   label:
     action:
-      - execute
+      - terminate
 description: "..."

examples/exampledata/rules/pre_detector/generic/example_rule.yml

@@ -1,10 +1,9 @@
-filter: "test_pre_detector"
+filter: 'tags: "1" AND inp.message: "1"'
 pre_detector:
-  id: RULE_ONE_ID
+  id: RULE_ONE_ID_1
   title: RULE_ONE
   severity: critical
   mitre:
     - attack.test1
-    - attack.test2
   case_condition: directly
-description: "..."
+

logprep/abc/processor.py

@@ -120,7 +120,6 @@ class Config(Component.Config):
 
     __slots__ = [
         "rule_class",
-        "has_custom_tests",
         "_event",
         "_specific_tree",
         "_generic_tree",
@@ -130,7 +129,6 @@ class Config(Component.Config):
     ]
 
     rule_class: "Rule"
-    has_custom_tests: bool
     _event: dict
     _specific_tree: RuleTree
     _generic_tree: RuleTree
@@ -155,7 +153,6 @@ def __init__(self, name: str, configuration: "Processor.Config"):
             generic_rules_targets=self._config.generic_rules,
             specific_rules_targets=self._config.specific_rules,
         )
-        self.has_custom_tests = False
         self.result = None
         self._bypass_rule_tree = False
         if os.environ.get("LOGPREP_BYPASS_RULE_TREE"):

logprep/processor/clusterer/processor.py

@@ -75,7 +75,6 @@ class Config(Processor.Config):
     def __init__(self, name: str, configuration: Processor.Config):
         super().__init__(name=name, configuration=configuration)
         self.sps = SignaturePhaseStreaming()
-        self.has_custom_tests = True
 
         self._last_rule_id = math.inf
         self._last_non_extracted_signature = None