Skip to content

Integration-Test

Integration-Test #172

name: Integration-Test
on:
workflow_dispatch:
jobs:
takajo-integration-test:
runs-on: ubuntu-latest
steps:
- name: setup Nim
uses: jiro4989/setup-nim-action@v2
with:
nim-version: '2.x' # default is 'stable'
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: clone takajo
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
path: takajo
- name: build takajo
run: |
cd takajo
nimble update
nimble build -d:release --threads:on
cd ../
- name: clone hayabusa
uses: actions/checkout@v4
with:
repository: Yamato-Security/hayabusa
submodules: recursive
path: hayabusa
- name: clone hayabusa-sample-evtx
uses: actions/checkout@v4
with:
repository: Yamato-Security/hayabusa-sample-evtx
path: hayabusa-sample-evtx
- name: run hayabusa timeline
run: |
cd hayabusa
git fetch --prune --unshallow
LATEST_VER=`git describe --tags --abbrev=0`
URL="https://github.com/Yamato-Security/hayabusa/releases/download/${LATEST_VER}/hayabusa-${LATEST_VER#v}-lin-x64-gnu.zip"
mkdir tmp
cd tmp
curl -OL $URL
unzip *.zip
chmod +x hayabusa-${LATEST_VER#v}-lin-x64-gnu
./hayabusa-${LATEST_VER#v}-lin-x64-gnu update-rules
./hayabusa-${LATEST_VER#v}-lin-x64-gnu csv-timeline -d ../../hayabusa-sample-evtx -w -p super-verbose -o ../../takajo/timeline.csv
./hayabusa-${LATEST_VER#v}-lin-x64-gnu json-timeline -d ../../hayabusa-sample-evtx -L -w -p super-verbose -o ../../takajo/timeline.jsonl
- name: run extract-credentials
run: cd takajo && ./takajo extract-credentials -t timeline.jsonl -o credentials.csv
- name: run extract-scriptblocks
run: cd takajo && ./takajo extract-scriptblocks -t timeline.jsonl
- name: run extract-scriptblocks(-s)
run: cd takajo && ./takajo extract-scriptblocks -t timeline.jsonl -s
- name: run extract-scriptblocks(-o)
run: cd takajo && ./takajo extract-scriptblocks -t timeline.jsonl -o scriptblocks
- name: run extract-scriptblocks(-l)
run: cd takajo && ./takajo extract-scriptblocks -t timeline.jsonl -o scriptblocks -l informational
- name: run html-report
run: cd takajo && ./takajo html-report -t timeline.jsonl -o out
- name: run list-domain(-o)
run: cd takajo && ./takajo list-domains -t timeline.jsonl -o domains.txt
- name: run list-domain(-s)
run: cd takajo && ./takajo list-domains -t timeline.jsonl -o domains.txt -s
- name: run list-domain(-d/-w)
run: cd takajo && ./takajo list-domains -t timeline.jsonl -o domains.txt -d -w
- name: run list-hashes(-o)
run: cd takajo && ./takajo list-hashes -t timeline.jsonl -o case-1
- name: run list-hashes(-s)
run: cd takajo && ./takajo list-hashes -t timeline.jsonl -o case-1 -s
- name: run list-ip-addresses(-o)
run: cd takajo && ./takajo list-ip-addresses -t timeline.jsonl -o ipAddresses.txt
- name: run list-ip-addresses(-s)
run: cd takajo && ./takajo list-ip-addresses -t timeline.jsonl -o ipAddresses.txt -s
- name: run list-ip-addresses(-i)
run: cd takajo && ./takajo list-ip-addresses -t timeline.jsonl -o ipAddresses.txt -i=false
- name: run list-undetected-evtx
run: cd takajo && ./takajo list-undetected-evtx -t timeline.csv -e ../hayabusa-sample-evtx
- name: run list-undetected-evtx(-o)
run: cd takajo && ./takajo list-undetected-evtx -t timeline.csv -e ../hayabusa-sample-evtx -o undetected-evtx.txt
- name: run list-unused-rules
run: cd takajo && ./takajo list-unused-rules -t timeline.csv -r ../hayabusa/tmp/rules
- name: run list-unused-rules(-o)
run: cd takajo && ./takajo list-unused-rules -t timeline.csv -r ../hayabusa/tmp/rules -o unused-rules.txt
- name: run split-csv-timeline
run: cd takajo && ./takajo split-csv-timeline -t timeline.csv
- name: run split-json-timeline
run: cd takajo && ./takajo split-json-timeline -t timeline.jsonl
- name: run stack-computers
run: cd takajo && ./takajo stack-computers -t timeline.jsonl
- name: run stack-computers(-o)
run: cd takajo && ./takajo stack-computers -t timeline.jsonl -o computers.csv
- name: run stack-computers(-l)
run: cd takajo && ./takajo stack-computers -t timeline.jsonl -o computers.csv -l high
- name: run stack-computers(-s)
run: cd takajo && ./takajo stack-computers -t timeline.jsonl -o computers.csv -s
- name: run stack-computers(-c)
run: cd takajo && ./takajo stack-computers -t timeline.jsonl -o computers.csv -c
- name: run stack-cmdlines
run: cd takajo && ./takajo stack-cmdlines -t timeline.jsonl
- name: run stack-cmdlines(-o)
run: cd takajo && ./takajo stack-cmdlines -t timeline.jsonl -o cmdlines.csv
- name: run stack-cmdlines(-s)
run: cd takajo && ./takajo stack-cmdlines -t timeline.jsonl -o cmdlines.csv -s
- name: run stack-cmdlines(-l)
run: cd takajo && ./takajo stack-cmdlines -t timeline.jsonl -o cmdlines.csv -l informational
- name: run stack-dns
run: cd takajo && ./takajo stack-dns -t timeline.jsonl
- name: run stack-dns(-o)
run: cd takajo && ./takajo stack-dns -t timeline.jsonl -o dns.csv
- name: run stack-dns(-s)
run: cd takajo && ./takajo stack-dns -t timeline.jsonl -o dns.csv -s
- name: run stack-ip-addresses
run: cd takajo && ./takajo stack-ip-addresses -t timeline.jsonl
- name: run stack-ip-addresses(-o)
run: cd takajo && ./takajo stack-ip-addresses -t timeline.jsonl -o ipAddresses.csv
- name: run stack-ip-addresses(-a)
run: cd takajo && ./takajo stack-ip-addresses -t timeline.jsonl -o ipAddresses.csv -a
- name: run stack-ip-addresses(-s)
run: cd takajo && ./takajo stack-ip-addresses -t timeline.jsonl -o ipAddresses.csv -s
- name: run stack-logons
run: cd takajo && ./takajo stack-logons -t timeline.jsonl
- name: run stack-logons(-l)
run: cd takajo && ./takajo stack-logons -t timeline.jsonl -l
- name: run stack-logons(-o)
run: cd takajo && ./takajo stack-logons -t timeline.jsonl -o logon.csv
- name: run stack-logons(-s)
run: cd takajo && ./takajo stack-logons -t timeline.jsonl -o logon.csv -s
- name: run stack-processes
run: cd takajo && ./takajo stack-processes -t timeline.jsonl
- name: run stack-processes(-o)
run: cd takajo && ./takajo stack-processes -t timeline.jsonl -o processes.csv
- name: run stack-processes(-s)
run: cd takajo && ./takajo stack-processes -t timeline.jsonl -o processes.csv -s
- name: run stack-processes(-l)
run: cd takajo && ./takajo stack-processes -t timeline.jsonl -o processes.csv -l informational
- name: run stack-services
run: cd takajo && ./takajo stack-services -t timeline.jsonl
- name: run stack-services(-o)
run: cd takajo && ./takajo stack-services -t timeline.jsonl -o services.csv
- name: run stack-services(-s)
run: cd takajo && ./takajo stack-services -t timeline.jsonl -o services.csv -s
- name: run stack-tasks
run: cd takajo && ./takajo stack-tasks -t timeline.jsonl
- name: run stack-tasks(-o)
run: cd takajo && ./takajo stack-tasks -t timeline.jsonl -o tasks.csv
- name: run stack-tasks(-s)
run: cd takajo && ./takajo stack-tasks -t timeline.jsonl -o tasks.csv -s
- name: run stack-users
run: cd takajo && ./takajo stack-users -t timeline.jsonl
- name: run stack-users(-o)
run: cd takajo && ./takajo stack-users -t timeline.jsonl -o users.csv
- name: run stack-users(-s)
run: cd takajo && ./takajo stack-users -t timeline.jsonl -o users.csv -s
- name: run stack-users(-c)
run: cd takajo && ./takajo stack-users -t timeline.jsonl -o users.csv -c
- name: run sysmon-process-tree
run: cd takajo && ./takajo sysmon-process-tree -t timeline.jsonl -p "365ABB72-3D4A-5CEB-0000-0010FA93FD00" -o process-tree.txt
- name: run timeline-logon
run: cd takajo && ./takajo timeline-logon -t timeline.jsonl -o logon-timeline.csv
- name: run timeline-logon(-c)
run: cd takajo && ./takajo timeline-logon -t timeline.jsonl -c -o logon-timeline.csv
- name: run timeline-logon(-l)
run: cd takajo && ./takajo timeline-logon -t timeline.jsonl -l -o logon-timeline.csv
- name: run timeline-logon(-a)
run: cd takajo && ./takajo timeline-logon -t timeline.jsonl -a -o logon-timeline.csv
- name: run timeline-logon(-s)
run: cd takajo && ./takajo timeline-logon -t timeline.jsonl -s -o logon-timeline.csv
- name: run timeline-partition-diagnostic
run: cd takajo && ./takajo timeline-partition-diagnostic -t timeline.jsonl -o partition-diagnostic-timeline.csv
- name: run timeline-partition-diagnostic(-s)
run: cd takajo && ./takajo timeline-partition-diagnostic -t timeline.jsonl -o partition-diagnostic-timeline.csv -s
- name: run timeline-suspicious-process
run: cd takajo && ./takajo timeline-suspicious-process -t timeline.jsonl -o suspicous-processes.csv
- name: run timeline-suspicious-process(-s)
run: cd takajo && ./takajo timeline-suspicious-process -t timeline.jsonl -o suspicous-processes.csv -s
- name: run timeline-tasks
run: cd takajo && ./takajo timeline-tasks -t timeline.jsonl -o task-timeline.csv
- name: run timeline-tasks(-s)
run: cd takajo && ./takajo timeline-tasks -t timeline.jsonl -o task-timeline.csv -s
- name: run ttp-summary
run: cd takajo && ./takajo ttp-summary -t timeline.jsonl -o ttp-summary.csv
- name: run ttp-summary(-s)
run: cd takajo && ./takajo ttp-summary -t timeline.jsonl -o ttp-summary.csv -s
- name: run ttp-visualize
run: cd takajo && ./takajo ttp-visualize -t timeline.jsonl
- name: run ttp-visualize(-s)
run: cd takajo && ./takajo ttp-visualize -t timeline.jsonl -s
- name: run ttp-visualize-sigma
run: cd takajo && ./takajo ttp-visualize-sigma -r ../hayabusa/tmp/rules
- name: run automagic
run: cd takajo && ./takajo automagic -t timeline.jsonl