Fix rule formats for cypress tests

vikhy-aws · vikhy-aws · commit f13d9a3234ac · 2026-01-22T13:35:21.000-08:00
Signed-off-by: vikhy-aws &lt;191836418+vikhy-aws@users.noreply.github.com&gt;
diff --git a/.cypress/fixtures/integration_tests/rule/create_dns_rule_with_name_selection.json b/.cypress/fixtures/integration_tests/rule/create_dns_rule_with_name_selection.json
@@ -1,26 +1,28 @@
 {
-  "id": "25b9c01c-350d-4b95-bed1-836d04a4f325",
-  "category": "dns",
-  "title": "Cypress DNS Rule",
-  "description": "Detects DNS name as QWE",
-  "status": "experimental",
-  "author": "Cypress Tests",
-  "references": [
-    {
-      "value": ""
-    }
-  ],
-  "tags": [
-    {
-      "value": "dns.high"
-    }
-  ],
-  "log_source": "",
-  "detection": "selection:\n  dns-question-name:\n    - QuestionName\ncondition: selection",
-  "level": "high",
-  "false_positives": [
-    {
-      "value": ""
-    }
-  ]
+  "rule": {
+    "id": "25b9c01c-350d-4b95-bed1-836d04a4f325",
+    "category": "dns",
+    "title": "Cypress DNS Rule",
+    "description": "Detects DNS name as QWE",
+    "status": "experimental",
+    "author": "Cypress Tests",
+    "references": [
+      {
+        "value": ""
+      }
+    ],
+    "tags": [
+      {
+        "value": "dns.high"
+      }
+    ],
+    "log_source": "",
+    "detection": "selection:\n  dns-question-name:\n    - QuestionName\ncondition: selection",
+    "level": "high",
+    "false_positives": [
+      {
+        "value": ""
+      }
+    ]
+  }
 }
diff --git a/.cypress/fixtures/integration_tests/rule/create_dns_rule_with_type_selection.json b/.cypress/fixtures/integration_tests/rule/create_dns_rule_with_type_selection.json
@@ -1,26 +1,28 @@
 {
-  "id": "25b9c01c-350d-4b95-bed1-836d04a4f325",
-  "category": "dns",
-  "title": "Cypress DNS Type Rule",
-  "description": "Detects DNS type as QWE",
-  "status": "experimental",
-  "author": "Cypress Tests",
-  "references": [
-    {
-      "value": ""
-    }
-  ],
-  "tags": [
-    {
-      "value": "dns.high"
-    }
-  ],
-  "log_source": "",
-  "detection": "selection:\n  dns-answers-type:\n    - AnswerType\ncondition: selection",
-  "level": "high",
-  "false_positives": [
-    {
-      "value": ""
-    }
-  ]
+  "rule": {
+    "id": "25b9c01c-350d-4b95-bed1-836d04a4f325",
+    "category": "dns",
+    "title": "Cypress DNS Type Rule",
+    "description": "Detects DNS type as QWE",
+    "status": "experimental",
+    "author": "Cypress Tests",
+    "references": [
+      {
+        "value": ""
+      }
+    ],
+    "tags": [
+      {
+        "value": "dns.high"
+      }
+    ],
+    "log_source": "",
+    "detection": "selection:\n  dns-answers-type:\n    - AnswerType\ncondition: selection",
+    "level": "high",
+    "false_positives": [
+      {
+        "value": ""
+      }
+    ]
+  }
 }
diff --git a/.cypress/fixtures/integration_tests/rule/create_network_rule.json b/.cypress/fixtures/integration_tests/rule/create_network_rule.json
@@ -1,26 +1,28 @@
 {
-  "id": "25b9c01c-350d-4b95-bed1-836d04a4f326",
-  "category": "network",
-  "title": "Cypress Network Rule",
-  "description": "Detects network changes",
-  "status": "experimental",
-  "author": "Cypress Tests",
-  "references": [
-    {
-      "value": ""
-    }
-  ],
-  "tags": [
-    {
-      "value": "network.high"
-    }
-  ],
-  "log_source": "",
-  "detection": "selection:\n  keywords:\n    - erase\n    - delete\n    - YXC\ncondition: selection",
-  "level": "high",
-  "false_positives": [
-    {
-      "value": ""
-    }
-  ]
+  "rule": {
+    "id": "25b9c01c-350d-4b95-bed1-836d04a4f326",
+    "category": "network",
+    "title": "Cypress Network Rule",
+    "description": "Detects network changes",
+    "status": "experimental",
+    "author": "Cypress Tests",
+    "references": [
+      {
+        "value": ""
+      }
+    ],
+    "tags": [
+      {
+        "value": "network.high"
+      }
+    ],
+    "log_source": "",
+    "detection": "selection:\n  keywords:\n    - erase\n    - delete\n    - YXC\ncondition: selection",
+    "level": "high",
+    "false_positives": [
+      {
+        "value": ""
+      }
+    ]
+  }
 }
diff --git a/.cypress/fixtures/integration_tests/rule/create_windows_usb_rule.json b/.cypress/fixtures/integration_tests/rule/create_windows_usb_rule.json
@@ -1,26 +1,28 @@
 {
-  "id": "25b9c01c-350d-4b95-bed1-836d04a4f123",
-  "category": "windows",
-  "title": "Cypress USB Rule",
-  "description": "USB plugged-in rule",
-  "status": "experimental",
-  "author": "Cypress Tests",
-  "references": [
-    {
-      "value": ""
-    }
-  ],
-  "tags": [
-    {
-      "value": "windows.usb"
-    }
-  ],
-  "log_source": "",
-  "detection": "selection:\n  winlog-event_id:\n    - 2003\n    - 2100\n    - 2102\ncondition: selection",
-  "level": "high",
-  "false_positives": [
-    {
-      "value": ""
-    }
-  ]
+  "rule": {
+    "id": "25b9c01c-350d-4b95-bed1-836d04a4f123",
+    "category": "windows",
+    "title": "Cypress USB Rule",
+    "description": "USB plugged-in rule",
+    "status": "experimental",
+    "author": "Cypress Tests",
+    "references": [
+      {
+        "value": ""
+      }
+    ],
+    "tags": [
+      {
+        "value": "windows.usb"
+      }
+    ],
+    "log_source": "",
+    "detection": "selection:\n  winlog-event_id:\n    - 2003\n    - 2100\n    - 2102\ncondition: selection",
+    "level": "high",
+    "false_positives": [
+      {
+        "value": ""
+      }
+    ]
+  }
 }
