Audit Native Parser #2415
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Each pull request that updates ASIM parsers triggers the script. | |
# The script runs ASIM Schema and Data testers on the "eco-connector-test" workspace. | |
name: Run ASIM tests on "ASIM-SchemaDataTester-GithubShared" workspace | |
on: | |
pull_request_target: | |
types: [opened, edited, reopened, synchronize] | |
branches: | |
- master | |
paths: | |
- 'Parsers/ASimDns/Parsers/**' | |
- 'Parsers/ASimNetworkSession/Parsers/**' | |
- 'Parsers/ASimWebSession/Parsers/**' | |
- 'Parsers/ASimProcessEvent/Parsers/**' | |
- 'Parsers/ASimAuditEvent/Parsers/**' | |
- 'Parsers/ASimAuthentication/Parsers/**' | |
- 'Parsers/ASimFileEvent/Parsers/**' | |
- 'Parsers/ASimRegistryEvent/Parsers/**' | |
- 'Parsers/ASimUserManagement/Parsers/**' | |
- 'Parsers/ASimDhcpEvent/Parsers/**' | |
- 'Parsers/ASimAlertEvent/Parsers/**' | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
Run-ASim-TemplateValidation: | |
name: Run ASim Template Validation tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout pull request branch | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{github.event.pull_request.head.ref}} | |
repository: ${{github.event.pull_request.head.repo.full_name}} | |
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal access token. | |
fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository. | |
- name: Setup git config | |
run: | | |
git config --local user.name "github-actions[bot]" | |
git config --local user.email "<>" | |
- name: Merge master into pull request branch | |
run: | | |
git merge origin/master | |
Conflicts=$(git ls-files -u | wc -l) | |
if [ "$Conflicts" -gt 0 ] ; then | |
echo "There is a merge conflict. Aborting" | |
git merge --abort | |
exit 1 | |
fi | |
- name: Set up Python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: '3.x' | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install requests | |
pip install PyYAML | |
pip install tabulate | |
- name: Run ASim parsers template validations python script | |
run: | | |
filePath=".script/tests/asimParsersTest/VerifyASimParserTemplate.py" | |
url="https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/.script/tests/asimParsersTest/VerifyASimParserTemplate.py" | |
# Check if file exists and delete if it does | |
if [ -f "$filePath" ]; then | |
rm -f "$filePath" | |
fi | |
# Download the file | |
echo "Downloading script from the master: $url" | |
curl -o "$filePath" "$url" | |
# Execute the script | |
python "$filePath" | |
Run-ASim-Sample-Data-Ingest: | |
needs: Run-ASim-TemplateValidation | |
name: Run ASim Sample Data Ingestion | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout pull request branch | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{github.event.pull_request.head.ref}} | |
repository: ${{github.event.pull_request.head.repo.full_name}} | |
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal access token. | |
fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository. | |
- name: Setup git config | |
run: | | |
git config --local user.name "github-actions[bot]" | |
git config --local user.email "<>" | |
- name: Merge master into pull request branch | |
run: | | |
git merge origin/master | |
Conflicts=$(git ls-files -u | wc -l) | |
if [ "$Conflicts" -gt 0 ] ; then | |
echo "There is a merge conflict. Aborting" | |
git merge --abort | |
exit 1 | |
fi | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.x' | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install azure-identity | |
pip install requests | |
pip install PyYAML | |
pip install azure-monitor-ingestion | |
pip install azure-core | |
- name: Login to Azure Public Cloud | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_ASIM_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
allow-no-subscriptions: true | |
- name: Asim Sample Log Ingestion | |
id: Ingestlogs | |
run: | | |
filePath=".script/tests/asimParsersTest/ingestASimSampleData.py" | |
url="https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/.script/tests/asimParsersTest/ingestASimSampleData.py" | |
# Check if file exists and delete if it does | |
if [ -f "$filePath" ]; then | |
rm -f "$filePath" | |
fi | |
# Download the file | |
echo "Downloading script from the master: $url" | |
curl -o "$filePath" "$url" | |
chmod +x "$filePath" | |
# Execute the script | |
python "$filePath" "${{ github.event.pull_request.number }}" | |
Run-ASim-Schema-Data-tests: | |
needs: Run-ASim-Sample-Data-Ingest | |
name: Run ASim Schema and Data tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout pull request branch | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
persist-credentials: false | |
fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository. | |
- name: Login to Azure Public Cloud with AzPowershell | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_ASIM_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
enable-AzPSSession: true | |
allow-no-subscriptions: true | |
- name: Setup git config | |
run: | | |
git config --local user.name "github-actions[bot]" | |
git config --local user.email "<>" | |
- name: Merge master into pull request branch | |
run: | | |
git merge origin/master | |
Conflicts=$(git ls-files -u | wc -l) | |
if [ "$Conflicts" -gt 0 ] ; then | |
echo "There is a merge conflict. Aborting" | |
git merge --abort | |
exit 1 | |
fi | |
- name: Run ASIM Schema and Data tests PowerShell script | |
uses: azure/powershell@v2 | |
with: | |
inlineScript: | | |
$filePath = ".script/tests/asimParsersTest/runAsimTesters.ps1" | |
$url = "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/.script/tests/asimParsersTest/runAsimTesters.ps1" | |
# Check if file exists and delete if it does | |
if (Test-Path $filePath) { | |
Remove-Item $filePath -Force | |
} | |
# Download the runAsimTesters file | |
Write-Host "Downloading script from the master: $url" | |
Invoke-WebRequest -Uri $url -OutFile $filePath | |
# download the convertYamlToObject.ps1 script form master | |
$filePath_convert_yaml = ".script/tests/asimParsersTest/convertYamlToObject.ps1" | |
$url_convert_yaml = "https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/.script/tests/asimParsersTest/convertYamlToObject.ps1" | |
# Check if file exists and delete if it does | |
if (Test-Path $filePath_convert_yaml) { | |
Remove-Item $filePath_convert_yaml -Force | |
} | |
# Download the convertYamlToObject file | |
Write-Host "Downloading script from the master: $url_convert_yaml" | |
Invoke-WebRequest -Uri $url_convert_yaml -OutFile $filePath_convert_yaml | |
# Execute the script | |
& $filePath | |
azPSVersion: "latest" | |
Run-ASim-Parser-Filtering-Tests: | |
needs: Run-ASim-Sample-Data-Ingest | |
name: Run ASim Parser Filtering tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout pull request branch | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal access token. | |
fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository. | |
- name: Setup git config | |
run: | | |
git config --local user.name "github-actions[bot]" | |
git config --local user.email "<>" | |
- name: Merge master into pull request branch | |
run: | | |
git merge origin/master | |
Conflicts=$(git ls-files -u | wc -l) | |
if [ "$Conflicts" -gt 0 ] ; then | |
echo "There is a merge conflict. Aborting" | |
git merge --abort | |
exit 1 | |
fi | |
- name: Setup Python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: '3.x' | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install PyYAML | |
pip install azure-identity | |
pip install azure-monitor-query | |
- name: Login to Azure Public Cloud | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_ASIM_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
allow-no-subscriptions: true | |
- name: Run ASim parsers filtering tests python script | |
run: | | |
filePath=".script/tests/asimParsersTest/ASimFilteringTest.py" | |
url="https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/.script/tests/asimParsersTest/ASimFilteringTest.py" | |
# Check if file exists and delete if it does | |
if [ -f "$filePath" ]; then | |
rm -f "$filePath" | |
fi | |
# Download the file | |
echo "Downloading script from the master: $url" | |
curl -o "$filePath" "$url" | |
# Execute the script | |
python "$filePath" |