Mostafa Moradian
416de03cdc
chore: Add comment to the code chore: Ignore inaccessible file chore: Switch to using the action for validating Sigma rules Thanks: @mostafa
49 lines
1.3 KiB
YAML
49 lines
1.3 KiB
YAML
name: Validate Sigma rules
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- "*"
|
|
paths:
|
|
- "deprecated/**.yml"
|
|
- "rules-compliance/**.yml"
|
|
- "rules-dfir/**.yml"
|
|
- "rules-emerging-threats/**.yml"
|
|
- "rules-placeholder/**.yml"
|
|
- "rules-threat-hunting/**.yml"
|
|
- "rules/**.yml"
|
|
- "tests/validate-sigma-schema/validate.sh"
|
|
- "unsupported/**.yml"
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
paths:
|
|
- "deprecated/**.yml"
|
|
- "rules-compliance/**.yml"
|
|
- "rules-dfir/**.yml"
|
|
- "rules-emerging-threats/**.yml"
|
|
- "rules-placeholder/**.yml"
|
|
- "rules-threat-hunting/**.yml"
|
|
- "rules/**.yml"
|
|
- "tests/validate-sigma-schema/validate.sh"
|
|
- "unsupported/**.yml"
|
|
|
|
# Allows you to run this workflow manually from the Actions tab
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
validate-sigma-rules:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Validate Sigma rules
|
|
uses: SigmaHQ/validate-sigma-rules@v0
|
|
env:
|
|
SIGMA_RULES_PATH: |-
|
|
./rules
|
|
./rules-compliance
|
|
./rules-dfir
|
|
./rules-emerging-threats
|
|
./rules-placeholder
|
|
./rules-threat-hunting
|
|
SIGMA_SCHEMA_FILE: ${{ github.workspace }}/tests/validate-sigma-schema/sigma-schema.json
|