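# CI for the detection-as-code repository: lint the Sigma rules, run the
# schema / ATT&CK tests, render the rules to backend queries and publish the
# result as a build artifact. No step in this job writes back to the repo.
name: detections

# `on` is a YAML 1.1 boolean-looking key; GitHub's loader handles it, so it is
# kept as-is (suppress yamllint's `truthy` rule for this line if linting).
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

# Least privilege: the job only reads the checkout and uploads an artifact,
# so the GITHUB_TOKEN needs nothing beyond read access to repository contents.
permissions:
  contents: read

jobs:
  validate:
    runs-on: ubuntu-latest
    # Bound the run so a hung tool cannot hold the runner for the default
    # six-hour limit.
    timeout-minutes: 15
    steps:
      # Actions are referenced by major-version tag. Pinning each `uses:` to a
      # full commit SHA (keeping the tag as a trailing comment) removes the
      # risk of a tag being moved after review; the SHAs are not recorded here.
      - uses: actions/checkout@v4
        with:
          # No later step pushes, tags or opens PRs, so do not leave the token
          # in the checkout's git config for the remainder of the job.
          persist-credentials: false
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"  # quoted: a plain 3.11 parses as float 3.11
          cache: pip  # keyed on requirements.txt, installed in the next step
      # Dependencies are resolved from requirements.txt at run time; pin them
      # (and consider `pip install --require-hashes`) for reproducible runs.
      - run: pip install -r requirements.txt
      - name: Lint Sigma rules
        run: sigma check rules/
      - name: Schema + ATT&CK tests
        run: pytest -q
      - name: Convert to Splunk / Elastic / Sentinel
        run: python tools/convert.py
      # Publishes the rendered queries so a reviewer can inspect the exact
      # output of this commit without re-running the conversion locally.
      - uses: actions/upload-artifact@v4
        with:
          name: converted-queries
          path: dist/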