Automatically update heatmap json when new rule is pushed to master. #5213
Conversation
Create workflow to automatically update heatmap when new rule is pushed to master
github-actions
bot
added
the
Maintenance
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Welcome @JrOrOneEquals1 👋
It looks like this is your first pull request on the Sigma rules repository!
Please make sure to read the SigmaHQ conventions document to make sure your contribution is adhering to best practices and has all the necessary elements in place for a successful approval.
Thanks again, and welcome to the Sigma community! 😃
.github/workflows/update-heatmap.yml
Outdated
| push: | ||
| branches: [ "master" ] | ||
|
|
||
| jobs: | ||
| generate-heatmap: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ github.ref_name }} | ||
| submodules: true | ||
|
|
||
| - name: Install Sigma | ||
| run: pipx install sigma-cli | ||
|
|
||
| - name: Update Heatmap | ||
| run: sigma analyze attack count ./other/sigma_attack_nav_coverage.json rule* | ||
|
|
||
| - name: Commit and Push Changes | ||
| run: | | ||
| git config user.name "github-actions[bot]" | ||
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | ||
| git add ./other/sigma_attack_nav_coverage.json | ||
| git add ./other/sigma_attack_nav_coverage.png | ||
| if git diff --cached --quiet; then | ||
| echo "No changes to commit." | ||
| else | ||
| git commit -m "Generated heatmap for commit ${{ github.sha }}" | ||
| git push origin $GITHUB_REF_NAME | ||
| fi |
There was a problem hiding this comment.
Its not recommended to do it this way.
Please take a look at this workflow we already have https://github.com/SigmaHQ/sigma/blob/master/.github/workflows/sigma-rule-promoter.yml and apply similar changes.
A PR needs to be created and the workflow needs to be run once a month
nasbench
added
the
Author Input Required
Modify update-heatmap.yml to run the workflow once a month, and create a new pull request.
|
Updated the file with those changes, can you check it out? |
Summary of the Pull Request
Adds a new workflow in GitHub Actions to automatically update 'other/sigma_attack_nav_coverage.json' when a new rule is pushed to master.
The workflow will create and push a new commit containing the updated json when a change is detected between the generated and current json, and the commit message will have the SHA of the triggering commit for reference.
This will overwrite the changes from PR #5210 since it builds from the current sigma-cli. Once the cli gets updated with the new format and version numbers, the json will be updated the next time this workflow runs.
Changelog
chore: workflow - auto-update heatmap
Example Log Event
Fixed Issues
SigmaHQ Rule Creation Conventions