[bug] Rules run without required fields

[crayy8]

Describe the bug
I'm not sure how much of these are bugs so feel free to close if you do not agree. Based off the hayabusa rule documentation there are certain fields that are required and some that are optional. From testing many of the required fields are not really required and will still run without issue.

Required fields (based off documentation) that will still flag items:

• author
• date
• title
• id
• status
• logsource
• falsepositives
• ruletype

The only fields that are marked as required that will actually generate an error are:

• level
• detection

[YamatoSecurity]

@crayy8 Thanks for all of the issues! I've been meaning to update the hayabusa-rules documentation. I am planning on replacing the way I have been writing rules with the standard Sigma way but haven't had time to get around to it. The reason why we have kept those fields optional is because they are technically optional in the sigma specification: https://github.com/SigmaHQ/sigma-specification/blob/main/specification/sigma-rules-specification.md
In practice, all rules have these and should be required in my opinion but I need to do a little more thinking about whether we should require them and go against the sigma specification.. Maybe something to discuss in the Sigma discord channel.

[crayy8]

@YamatoSecurity Thank you for the information! I figured this wasn't a big deal but wanted to make sure your team was aware of my findings incase you thought anything was worth tackling. I agree that many of the fields that you mark as required should really be required. Its strange to me that so many are optional in Sigma.

2 additional comments after reviewing the sigma docs:

1. Sigma appears to make title required which is not required in Hayabusa (even though docs state it is)
2. Level is not required in sigma but is required in hayabusa and will result in the rule not loading and logging an error. I'm sure its not really a huge problem in practice but just something to point out since Sigma rules are supposedly able to run in hayabusa without conversion (if I understand correctly)? Again not trying to say its necessarily a bug just wanting to make you aware.

[YamatoSecurity]

@crayy8 Thanks for pointing this out! I will review the specs and probably make title, level, etc.. required fields.