diff --git a/.github/workflows/update-sigmarule.yaml b/.github/workflows/update-sigmarule.yaml
index 0f5acdf84..75a517e3a 100644
--- a/.github/workflows/update-sigmarule.yaml
+++ b/.github/workflows/update-sigmarule.yaml
@@ -5,14 +5,46 @@ name: Pipeline for sigma rule updates
 on:
 ## This workflow is executed once a day.
- ## I added workflow_dispatch so that you can execute this workflow from the GitHub UI.
+ ## I added workflow_dispatch so that you can execute this workflow from the GitHub UI.
 workflow_dispatch:
 schedule:
- - cron: '0 20 * * *'
+ - cron: '0 20 * * *'
 jobs:
- Reuse:
- uses: ./.github/workflows/rule-parse-error-check.yaml
+ rule-parse-error-check:
+ runs-on: ubuntu-latest
+ steps:
+ - name: clone hayabusa rule repo
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ path: hayabusa-rules
+
+ - name: clone hayabusa
+ uses: actions/checkout@v3
+ with:
+ repository: Yamato-Security/hayabusa
+ submodules: recursive
+ path: hayabusa
+
+ - name: clone hayabusa-sample-evtx
+ uses: actions/checkout@v3
+ with:
+ repository: Yamato-Security/hayabusa-sample-evtx
+ path: hayabusa-sample-evtx
+
+ - name: run csv-timeline
+ run: |
+ cd hayabusa
+ LATEST_VER=`git describe --tags --abbrev=0`
+ URL="https://github.com/Yamato-Security/hayabusa/releases/download/${LATEST_VER}/hayabusa-${LATEST_VER#v}-linux.zip"
+ mkdir tmp
+ cd tmp
+ curl -OL $URL
+ unzip *.zip
+ chmod +x hayabusa-${LATEST_VER#v}-lin-x64-gnu
+ ./hayabusa-${LATEST_VER#v}-lin-x64-gnu csv-timeline -d ../hayabusa-sample-evtx -r ../hayabusa-rules -w -o out.csv | grep "Rule parsing error" | wc -l | grep 0
+
 updateSigmaRule:
 runs-on: ubuntu-latest
 steps:
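Review bot: The pass/fail check at the end of the `run csv-timeline` step, `| grep "Rule parsing error" | wc -l | grep 0`, succeeds whenever the error count merely contains a zero digit (10, 20, 100) and also discards hayabusa's own exit status, so a broken rule set, a missing directory or a failed binary download (count 0) all go green; replace the tail with `| tee run.log` followed by `! grep -q "Rule parsing error" run.log`, and add `set -o pipefail` at the top of the script so a non-zero exit from the binary fails the step. After `cd hayabusa` and `cd tmp`, the relative paths `../hayabusa-sample-evtx` and `../hayabusa-rules` resolve inside the `hayabusa/` checkout rather than to the two sibling checkouts above, so they presumably rely on submodules of that repo — confirm, or use `$GITHUB_WORKSPACE/hayabusa-rules` and `$GITHUB_WORKSPACE/hayabusa-sample-evtx`. The release zip fetched with `curl -OL $URL` is unzipped and executed with no integrity check; if the release publishes a checksum or signature, verify it before `chmod +x`, and pin the three `actions/checkout@v3` uses to a full commit SHA (`actions/checkout@<FULL_COMMIT_SHA>  # v3`) rather than the mutable tag. `ref: ${{ github.event.pull_request.head.sha }}` is always empty here because this workflow only runs on `schedule` and `workflow_dispatch`, so checkout silently falls back to the default branch — drop the line or comment that this is intended. `git describe --tags --abbrev=0` presumably also needs tags that the default shallow checkout does not fetch (`fetch-depth: 0` on the hayabusa checkout would), and the `updateSigmaRule` job that follows continues outside the hunk.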