Skip to content

Create encoded rule package #27

Create encoded rule package

Create encoded rule package #27

name: Create encoded rule package
on:
workflow_dispatch:
schedule:
- cron: '30 20 * * *'
jobs:
zip-and-commit:
runs-on: ubuntu-latest
steps:
- name: Setup Rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
- name: Setup Poetry
run: |
curl -sSL https://install.python-poetry.org | python3 -
- name: Checkout Sigma
uses: actions/checkout@v4
with:
repository: SigmaHQ/sigma
path: sigma-repo
- name: Checkout sigma-to-hayabusa-converter
uses: actions/checkout@v4
with:
repository: Yamato-Security/sigma-to-hayabusa-converter
path: sigma-to-hayabusa-converter
- name: Checkout hayabusa-rules
uses: actions/checkout@v4
with:
repository: Yamato-Security/hayabusa-rules
path: hayabusa-rules
- name: Checkout self repository
uses: actions/checkout@v4
with:
path: './self'
- name: Update Sigma rules
run: |
cd sigma-to-hayabusa-converter
poetry install --no-root
sed -i.bak '/^[^#]/d' ignore-uuid-list.txt
poetry run python sigma-to-hayabusa-converter.py -r ../sigma-repo -o converted_rules
cd -
rm -rf hayabusa-rules/sigma/
mkdir hayabusa-rules/sigma/
cp -r sigma-to-hayabusa-converter/converted_rules/* hayabusa-rules/sigma/
- name: Extract directory
run: |
mkdir rules
mv hayabusa-rules/config ./rules/
mv hayabusa-rules/hayabusa ./rules/
mv hayabusa-rules/sigma ./rules/
- name: Zip directory
run: |
sudo apt-get install zip
zip -r -P yamato-security-hayabusa rules.zip ./rules
- name: Encode rules
run: |
cd self
HAYABUSA_RULES_ABS_PATH=$(realpath ../rules)
ENCODED_RULES_ABS_PATH=$(realpath ../encoded_rules.yml)
CONFIG_TXT_ABS_PATH=$(realpath ../rules_config_files.txt)
cargo run --release -- $HAYABUSA_RULES_ABS_PATH $ENCODED_RULES_ABS_PATH $CONFIG_TXT_ABS_PATH
- name: Copy zip and encrypted file to self repository
run: |
cp ./rules.zip ./self
cp ./encoded_rules.yml ./self
cp ./rules_config_files.txt ./self
- name: Configure Git
run: |
cd ./self
git config --global user.name 'github-actions[bot]'
git config --global user.email 'github-actions[bot]@users.noreply.github.com'
- name: Commit changes
run: |
cd ./self
git add rules.zip
git add encoded_rules.yml
git add rules_config_files.txt
git commit -m "Automated update"
- name: Push changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
cd ./self
if [ "$(git log -1 --pretty=%B)" = "Automated update" ]; then
git push origin main
fi