workflow: execute evtx-sigma-checker

phantinuss
2022-02-18 13:33:29 +01:00
parent fa083b5008
commit e6fe8fdedd
+17
@@ -39,3 +39,20 @@ jobs:
- uses: actions/checkout@v2
- name: yaml-lint
uses: ibiqlik/action-yamllint@v3
check-baseline-win10:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Download evtx-sigma-checker
run: wget https://github.com/NextronSystems/evtx-baseline/releases/download/v0.1/evtx-sigma-checker
- name: Download and extract Windows 10 baseline
run: |
wget https://github.com/NextronSystems/evtx-baseline/releases/download/v0.1/win10-client-v0.1.tgz
tar xzf win10-client-v0.1.tgz
- name: Remove deprecated rules
run: grep -ER "^status: deprecated" rules | xargs -r rm
- name: Run evtx-sigma-checker
run: |
chmod +x evtx-sigma-checker
./evtx-sigma-checker --log-source tools/config/thor.yml --evtx-path Logs_Client/ --rule-path rules/windows/ > findings-client.json
cat findings-client.json
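Review bot: The `Remove deprecated rules` step looks like it will exit non-zero as soon as any deprecated rule exists, because `grep -ER` without `-l` prints `path:status: deprecated` rather than bare file names, so `xargs -r rm` receives the tokens `rules/x.yml:status:` and `deprecated` and fails on both; the fix is `run: grep -ERl "^status: deprecated" rules | xargs -r rm` (or `-lZ` with `xargs -0r` if rule paths may contain spaces). The `Download evtx-sigma-checker` step then fetches a binary that is `chmod +x` and executed with no integrity check, so a swapped release asset would run unverified inside the workflow; pinning the expected digest, e.g. `echo "<EXPECTED_SHA256>  evtx-sigma-checker" | sha256sum -c -` before the `chmod +x`, and doing the same for `win10-client-v0.1.tgz` before `tar xzf`, would bound that. The new job declares no `permissions:` block, so it inherits whatever token scope the repository defaults to although it only reads the checkout; `permissions: contents: read` on `check-baseline-win10` keeps it to least privilege. The enclosing `jobs:` mapping starts outside the hunk, and the rendered page has dropped the hunk's indentation.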