uberAgent ESA Sigma rules #435

Workflow file for this run

	name: uberAgent ESA Sigma rules

	on:
	workflow_dispatch:
	schedule:
	- cron: '0 0 * * *'

	jobs:
	build:
	strategy:
	matrix:
	include:
	- branch: version/6.2
	pipeline_version: "uberagent-6.2.0"
	backend-version: ""
	copy_rules_args: "--skip_platform"
	pypi-host: "https://pypi.org/simple"
	converter-ref: "main"

	- branch: version/7.0
	pipeline_version: "uberagent-7.0.0"
	backend-version: "7.0.0"
	copy_rules_args: "--skip_platform"
	pypi-host: "https://pypi.org/simple"
	converter-ref: "main"

	- branch: version/7.1
	pipeline_version: "uberagent-7.1.0"
	backend-version: "7.1.0"
	copy_rules_args: ""
	pypi-host: "https://pypi.org/simple"
	converter-ref: "main"

	- branch: version/7.2
	pipeline_version: "uberagent-7.2.0"
	backend-version: "7.2.0"
	copy_rules_args: ""
	pypi-host: "https://pypi.org/simple"
	converter-ref: "main"

	- branch: version/7.3
	pipeline_version: "uberagent-7.3.0"
	backend-version: "7.3.0"
	copy_rules_args: ""
	pypi-host: "https://pypi.org/simple"
	converter-ref: "main"

	- branch: version/7.4
	pipeline_version: "uberagent-7.4.0"
	backend-version: "7.4.0"
	copy_rules_args: ""
	pypi-host: "https://pypi.org/simple"
	converter-ref: "main"

	- branch: develop
	pipeline_version: "uberagent-develop"
	backend-version: "develop"
	copy_rules_args: ""
	pypi-host: "https://test.pypi.org/simple"
	converter-ref: "develop"

	runs-on: ubuntu-latest

	env:
	PYTHONUNBUFFERED: 1
	GITHUB_ACTOR: ${{ github.actor }}
	GITHUB_TOKEN: ${{ secrets.VLSVC_PAT}}

	steps:
	- name: Checkout uberAgent-config
	uses: actions/checkout@v4
	with:
	token: ${{ secrets.VLSVC_PAT }}
	path: uberAgent-config

	- name: Checkout uberAgent-config [${{ matrix.branch }}]
	uses: actions/checkout@v4
	with:
	token: ${{ secrets.VLSVC_PAT }}
	ref: ${{ matrix.branch }}
	path: uberAgent-config-target

	- name: Checkout pySigma-backend-uberAgent [${{ matrix.converter-ref }}]
	uses: actions/checkout@v4
	with:
	token: ${{ secrets.VLSVC_PAT }}
	repository: vastlimits/pySigma-backend-uberAgent
	path: pySigma-backend-uberAgent
	ref: ${{ matrix.converter-ref }}

	- name: Checkout sigma-cli
	uses: actions/checkout@v4
	with:
	token: ${{ secrets.VLSVC_PAT }}
	repository: SigmaHQ/sigma-cli
	path: sigma-cli

	- name: Checkout sigma
	uses: actions/checkout@v4
	with:
	token: ${{ secrets.VLSVC_PAT }}
	repository: SigmaHQ/sigma
	path: sigma

	- name: Set up Python
	uses: actions/setup-python@v2
	with:
	python-version: "3.10"

	- name: Install Poetry
	uses: abatilo/[email protected]
	with:
	poetry-version: "1.4.2"

	- name: Install
	working-directory: ./sigma-cli
	run: poetry install

	- name: Install pySigma-backend-uberAgent from pyPI
	working-directory: ./sigma-cli
	env:
	PYPI_HOST: ${{ matrix.pypi-host }}
	run: \|
	poetry source add ua_package_source ${{ matrix.pypi-host }}
	poetry add --source ua_package_source pySigma-backend-uberAgent

	- name: Prepare Build
	run: mkdir build

	- name: Build
	working-directory: build
	env:
	CURRENT_PIPELINE_VERSION: ${{ matrix.pipeline_version }}
	CURRENT_BACKEND_VERSION: ${{ matrix.backend-version }}
	COPY_RULES_ARGS: ${{ matrix.copy_rules_args }}
	run: \|
	# Activate poetry shell from sigma-cli in this shell
	. $(cd $GITHUB_WORKSPACE/sigma-cli ; poetry env info --path)/bin/activate

	# Copy rules
	chmod +x $GITHUB_WORKSPACE/pySigma-backend-uberAgent/copy-rules.py
	$GITHUB_WORKSPACE/pySigma-backend-uberAgent/copy-rules.py "$GITHUB_WORKSPACE/sigma/rules" $COPY_RULES_ARGS

	- name: Build (develop extra)
	if: ${{ matrix.branch == 'develop' }}
	working-directory: build
	run: \|
	# Activate poetry shell from sigma-cli in this shell
	. $(cd $GITHUB_WORKSPACE/sigma-cli ; poetry env info --path)/bin/activate

	# For testing, limited to develop.
	$GITHUB_WORKSPACE/pySigma-backend-uberAgent/copy-rules.py "$GITHUB_WORKSPACE/sigma/rules-threat-hunting" --skip_check_directory
	$GITHUB_WORKSPACE/pySigma-backend-uberAgent/copy-rules.py "$GITHUB_WORKSPACE/sigma/rules-emerging-threats" --skip_check_directory

	- name: Convert
	working-directory: build
	env:
	CURRENT_PIPELINE_VERSION: ${{ matrix.pipeline_version }}
	CURRENT_BACKEND_VERSION: ${{ matrix.backend-version }}
	COPY_RULES_ARGS: ${{ matrix.copy_rules_args }}
	run: \|
	# Activate poetry shell from sigma-cli in this shell
	. $(cd $GITHUB_WORKSPACE/sigma-cli ; poetry env info --path)/bin/activate

	# Convert rules
	chmod +x $GITHUB_WORKSPACE/pySigma-backend-uberAgent/convert-rules.sh
	$GITHUB_WORKSPACE/pySigma-backend-uberAgent/convert-rules.sh $(pwd) $CURRENT_PIPELINE_VERSION $CURRENT_BACKEND_VERSION

	- name: Push
	working-directory: uberAgent-config-target
	env:
	CURRENT_BRANCH: ${{ matrix.branch }}
	run: \|
	# Prepare Git environment
	git config --global user.email "[email protected]"
	git config --global user.name "vastlimits"
	git config --global --add safe.directory /github/workspace

	echo "machine github.com" > "$HOME/.netrc"
	echo " login $GITHUB_ACTOR" >> "$HOME/.netrc"
	echo " password $GITHUB_TOKEN" >> "$HOME/.netrc"

	echo "machine api.github.com" >> "$HOME/.netrc"
	echo " login $GITHUB_ACTOR" >> "$HOME/.netrc"
	echo " password $GITHUB_TOKEN" >> "$HOME/.netrc"

	# Delete existing rules instead of simply overwriting it to easily support
	# name changes or to not keep orphaned files.
	git rm config/uberAgent-ESA-am-sigma-*.conf \|\| true

	# Copy the just generated configuration.
	cp -v $GITHUB_WORKSPACE/build/*.conf config/

	# Git add and commit.
	git add config/*.conf
	git commit -m "Updated converted sigma rules for version $CURRENT_BRANCH" \|\| true

	git config --global --add --bool push.autoSetupRemote true \|\| true
	git push

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

uberAgent ESA Sigma rules #435

Workflow file

uberAgent ESA Sigma rules #435

Jobs

Run details

Workflow file for this run