Skip to content

Moving a rule file between conversions without modifying the file does not produce output #180

New issue
New issue
Open
Bug
Open
Moving a rule file between conversions without modifying the file does not produce output#180
Bug
Labels
converterIssues related to the conversion of Sigma rulesintegratorIssues related to the integration of queries
@kelnage

Description

@kelnage
kelnage
opened on Oct 24, 2025

Story (Outcome/Output) (Required)

A user will likely test rule conversions in a single PR with multiple conversions, but may need to move rules between the different conversions in later commits in the same PR. However, as SRD won't re-convert/integrate files that haven't changed since the last SRD run, it won't create the new conversion or integration output.

Context

We added functionality to delete unused conversion and deployment output in #85 - but this does not take into account where those Sigma rule file paths have been moved elsewhere.

Definition of Done (Required)

Adding a conversion config in one PR with associated rule and then renaming the config, or adding the file paths to another conversion config should result in both the removal of the old outputs, but also the creation of new ones.

Implementation Plan

TBD

Testing Plan

Update integration test environment to include removing a conversion and moving a converted file to another conversion.

Dependencies (Required)

None

Metadata

Metadata

Assignees

No one assigned

    Labels

    converterIssues related to the conversion of Sigma rulesintegratorIssues related to the integration of queries

    Type

    Bug

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions