feat(phase-32): add automated tests V3 for data sources, scoring, campaigns and snapshots (T-235 to T-237)

backend/tests/fixtures/sample_sigma_rule.yml

@@ -0,0 +1,27 @@
+title: Windows PowerShell Execution Policy Bypass
+id: 1f21ec3f-810d-4b0e-8045-322202e22b4b
+status: stable
+description: Detects attempts to bypass PowerShell execution policy
+author: Test Author
+date: 2025/01/15
+references:
+  - https://example.com/sigma-test
+logsource:
+  category: process_creation
+  product: windows
+detection:
+  selection:
+    CommandLine|contains:
+      - '-ExecutionPolicy Bypass'
+      - '-ep bypass'
+      - 'Set-ExecutionPolicy Bypass'
+  condition: selection
+falsepositives:
+  - Legitimate admin scripts
+  - CI/CD pipelines
+level: high
+tags:
+  - attack.execution
+  - attack.t1059.001
+  - attack.defense_evasion
+  - attack.t1562.001