validate_rule
Validate sigma rules for schema correctness, pySigma compatibility, and best-practices linting. Catch parse errors, spec violations, and quality issues like missing references or MITRE tags.
Instructions
Validate a sigma YAML rule for schema correctness, pySigma compatibility, and best-practices linting.
Use when the caller has a sigma rule (drafted, pasted, or
read from disk) and needs to know whether it is parseable, spec
compliant, and free of common quality smells (empty references,
missing falsepositives, missing MITRE tag, vague condition).
``target_backend`` is informational at this layer; the linter is
backend-agnostic. ``strict=True`` promotes warnings into the
error list.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| yaml_content | Yes | ||
| target_backend | No | default | |
| strict | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||