From cbe92698187ad72381bd7e54153b3cad5155fabd Mon Sep 17 00:00:00 2001 From: fukusuket <41001169+fukusuket@users.noreply.github.com> Date: Sun, 21 Jan 2024 20:55:41 +0900 Subject: [PATCH 1/3] fix: add rule parse check github actions for auto PR --- .github/workflows/rule-parse-error-check.yaml | 18 +++++-- .github/workflows/update-sigmarule.yaml | 48 ++++++++++++++++++- 2 files changed, 59 insertions(+), 7 deletions(-) diff --git a/.github/workflows/rule-parse-error-check.yaml b/.github/workflows/rule-parse-error-check.yaml index 623f3db73..f0c26de34 100644 --- a/.github/workflows/rule-parse-error-check.yaml +++ b/.github/workflows/rule-parse-error-check.yaml @@ -1,6 +1,7 @@ name: Rule parse error check on: + workflow_dispatch: pull_request: jobs: @@ -26,9 +27,16 @@ jobs: repository: Yamato-Security/hayabusa-sample-evtx path: hayabusa-sample-evtx - - name: Set up Rust toolchain - if: ${{ steps.skip_check.outputs.should_skip != 'true' }} - uses: dtolnay/rust-toolchain@stable - - name: run csv-timeline - run: cd hayabusa && cargo run --release -- csv-timeline -d ../hayabusa-sample-evtx -r ../hayabusa-rules -w -o timeline.csv | grep "Rule parsing error" | wc -l | grep 0 \ No newline at end of file + run: | + cd hayabusa + git fetch --prune --unshallow + LATEST_VER=`git describe --tags --abbrev=0` + URL="https://github.com/Yamato-Security/hayabusa/releases/download/${LATEST_VER}/hayabusa-${LATEST_VER#v}-linux.zip" + mkdir tmp + cd tmp + curl -OL $URL + unzip *.zip + chmod +x hayabusa-${LATEST_VER#v}-lin-x64-gnu + ./hayabusa-${LATEST_VER#v}-lin-x64-gnu csv-timeline -d ../../hayabusa-sample-evtx -r ../../hayabusa-rules -w -o out.csv + ./hayabusa-${LATEST_VER#v}-lin-x64-gnu csv-timeline -d ../../hayabusa-sample-evtx -r ../../hayabusa-rules -w -o out.csv -C | grep "Rule parsing error" | wc -l | grep 0 diff --git a/.github/workflows/update-sigmarule.yaml b/.github/workflows/update-sigmarule.yaml index 3c883d0b1..04223492e 100644 --- a/.github/workflows/update-sigmarule.yaml 
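Review bot: The final check in the new `run:` block still passes whenever the parse-error count merely contains a zero (10, 20 and 100 all satisfy `grep 0`), and because the step runs without `pipefail` a crash of the hayabusa binary is hidden behind `wc -l`; capture the output and test it explicitly, e.g. `./hayabusa-${LATEST_VER#v}-lin-x64-gnu csv-timeline -d ../../hayabusa-sample-evtx -r ../../hayabusa-rules -w -o out.csv -C > run.log` followed by `if grep -q "Rule parsing error" run.log; then grep "Rule parsing error" run.log; exit 1; fi`, so the default `bash -e` fails the step on a non-zero exit and any offending rule is printed (the identical script is duplicated in update-sigmarule.yaml below and needs the same change). The download should be `curl -fL -o hayabusa.zip "$URL"` so that an HTTP error, for example a tag that has no linux asset yet, fails immediately instead of leaving an HTML page for `unzip *.zip` to choke on; since whatever the latest tag resolves to is executed here, pinning the version or verifying the archive against a published checksum would make the job reproducible. The reason for running csv-timeline twice, once without `-C`, is not visible in the hunk and deserves a one-line comment above those lines. The enclosing steps list begins outside the hunk.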
+++ b/.github/workflows/update-sigmarule.yaml @@ -5,13 +5,57 @@ name: Pipeline for sigma rule updates on: ## This workflow is executed once a day. - ## I added workflow_dispatch so that you can execute this workflow from the GitHub UI. + ## I added workflow_dispatch so that you can execute this workflow from the GitHub UI. workflow_dispatch: + inputs: + rule-parse-error-check: + description: If true, check rule parse error + required: fale + type: boolean + default: true schedule: - - cron: '0 20 * * *' + - cron: '0 20 * * *' jobs: + rule-parse-error-check: + runs-on: ubuntu-latest + steps: + - name: clone hayabusa rule repo + uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha }} + path: hayabusa-rules + + - name: clone hayabusa + uses: actions/checkout@v3 + with: + repository: Yamato-Security/hayabusa + submodules: recursive + path: hayabusa + + - name: clone hayabusa-sample-evtx + uses: actions/checkout@v3 + with: + repository: Yamato-Security/hayabusa-sample-evtx + path: hayabusa-sample-evtx + + - name: run csv-timeline + - if: inputs.rule-parse-error-check + run: | + cd hayabusa + git fetch --prune --unshallow + LATEST_VER=`git describe --tags --abbrev=0` + URL="https://github.com/Yamato-Security/hayabusa/releases/download/${LATEST_VER}/hayabusa-${LATEST_VER#v}-linux.zip" + mkdir tmp + cd tmp + curl -OL $URL + unzip *.zip + chmod +x hayabusa-${LATEST_VER#v}-lin-x64-gnu + ./hayabusa-${LATEST_VER#v}-lin-x64-gnu csv-timeline -d ../../hayabusa-sample-evtx -r ../../hayabusa-rules -w -o out.csv + ./hayabusa-${LATEST_VER#v}-lin-x64-gnu csv-timeline -d ../../hayabusa-sample-evtx -r ../../hayabusa-rules -w -o out.csv -C | grep "Rule parsing error" | wc -l | grep 0 + updateSigmaRule: + needs: rule-parse-error-check runs-on: ubuntu-latest steps: - name: clone hayabusa rule repo From a01fb51f1ff08fe88ed882f67805413742fb8473 Mon Sep 17 00:00:00 2001 
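Review bot: The new job's `if: inputs.rule-parse-error-check` condition (written with a stray leading `-` here and corrected in PATCH 3/3) evaluates to false on the `schedule` trigger, because the `inputs` context is only populated for `workflow_dispatch`, so the daily run this workflow exists for never performs the parse check while `updateSigmaRule` still proceeds through `needs:`; use `if: ${{ github.event_name != 'workflow_dispatch' || inputs.rule-parse-error-check }}` so the input's `default: true` is honoured and scheduled runs stay covered. In the same job, `ref: ${{ github.event.pull_request.head.sha }}` is copied from the pull_request-triggered workflow, but neither trigger here carries a pull_request payload, so the expression expands to an empty string and actions/checkout silently falls back to the default branch; drop the `ref:` line to make that intent explicit. The download-and-run script duplicates the one in rule-parse-error-check.yaml verbatim, so a composite action or reusable workflow would keep the two from drifting. The updateSigmaRule job's steps continue outside the hunk.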
From: fukusuket <41001169+fukusuket@users.noreply.github.com> Date: Sun, 21 Jan 2024 20:57:44 +0900 Subject: [PATCH 2/3] fix: workflow_dispatch option --- .github/workflows/update-sigmarule.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-sigmarule.yaml b/.github/workflows/update-sigmarule.yaml index 04223492e..da6ef835f 100644 --- a/.github/workflows/update-sigmarule.yaml +++ b/.github/workflows/update-sigmarule.yaml @@ -10,7 +10,7 @@ on: inputs: rule-parse-error-check: description: If true, check rule parse error - required: fale + required: false type: boolean default: true schedule: From 8b72532859c4a7439a41d8b1ec504cc926aba05d Mon Sep 17 00:00:00 2001 From: fukusuket <41001169+fukusuket@users.noreply.github.com> Date: Sun, 21 Jan 2024 20:59:37 +0900 Subject: [PATCH 3/3] fix: workflow_dispatch option --- .github/workflows/update-sigmarule.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-sigmarule.yaml b/.github/workflows/update-sigmarule.yaml index da6ef835f..f296c6c46 100644 --- a/.github/workflows/update-sigmarule.yaml +++ b/.github/workflows/update-sigmarule.yaml @@ -40,7 +40,7 @@ jobs: path: hayabusa-sample-evtx - name: run csv-timeline - - if: inputs.rule-parse-error-check + if: inputs.rule-parse-error-check run: | cd hayabusa git fetch --prune --unshallow