From 5d5c0109cf9d6abf231fb26550077729cb9c02ea Mon Sep 17 00:00:00 2001
From: Thomas Patzke
Date: Tue, 20 Feb 2024 23:37:08 +0100
Subject: [PATCH] Check of correlation rules

---
 sigma/cli/check.py | 2 ++
 tests/files/valid/sigma_correlation_rules.yml | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/sigma/cli/check.py b/sigma/cli/check.py
index b93e669..919f05a 100644
--- a/sigma/cli/check.py
+++ b/sigma/cli/check.py
@@ -125,6 +125,8 @@ def check(
 f"Condition error in { str(condition.source) }:{ error }"
 )
 cond_errors.update((error,))
+ else:
+ check_rules.append(rule)
 # TODO: From Python 3.10 the commented line below can be used.
 rule_error_count = sum(rule_errors.values())
diff --git a/tests/files/valid/sigma_correlation_rules.yml b/tests/files/valid/sigma_correlation_rules.yml
index b71273f..ac9956a 100644
--- a/tests/files/valid/sigma_correlation_rules.yml
+++ b/tests/files/valid/sigma_correlation_rules.yml
@@ -30,9 +30,10 @@ correlation:
 condition:
 gte: 10
 ---
-title: Multiple occurrences of base event
+title: Multiple occurrences of base event with different values
 description: This is a correlation rule
 id: 16a288b8-4ed2-440f-9984-7a128e86e006
+date: 2023-12-09
 status: test
 level: medium
 correlation:
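Review bot: The added `else:` branch in `sigma/cli/check.py` appends the rule to `check_rules` unconditionally, with none of the error accounting that the preceding path ends with (`cond_errors.update((error,))`). If this branch is what admits correlation rules, as the commit title suggests, any parse errors collected on such a rule would be neither reported nor counted in `rule_error_count`, so a CI gate built on `sigma check` could pass a broken correlation rule. Consider guarding it, e.g. `elif rule.errors: rule_errors.update(rule.errors)` ahead of the plain `else:`, assuming these objects expose `errors` like detection rules do, which the hunk does not show. Indentation is lost on this page, so which statement the `else` pairs with cannot be confirmed here; a comment such as `# not a SigmaRule (e.g. correlation rule): no condition to parse, validate as-is` would rule out a misreading as `for ... else`. The body of `check()` starts and ends outside the hunk.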