This GitHub action can be used to convert Microsoft Sentinel YAML files to deployable ARM templates.
Add the following code block to your GitHub workflow:
```yaml
name: template
on:
  push:
    paths:
      - samples/**
jobs:
  template:
    name: Asim-ToARM
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v3
      - name: SecureHats template
        uses: SecureHats/KQL-ToArm@v0.0.1
        with:
          filesPath: ./samples
          outputFolder: ./output
```
This action has the following inputs.

Name | Req | Type | Description |
---|---|---|---|
filesPath | true | string | Path to the directory containing the log files to convert, relative to the root of the project. This path is optional and defaults to the project root, in which case all yaml files across the entire project tree will be discovered. |
outputFolder | true | string | Path to the directory containing the log files to convert, relative to the root of the project. This path is optional and defaults to the project root, in which case all yaml files across the entire project tree will be discovered. |
returnObject | false | boolean | IN DEVELOPMENT. The default value when not set is `false`. When the value is set to `true`, the action will return an ARM template as an object instead of one or multiple files. |
See backlog
If you encounter any issues, or have suggestions for improvements, feel free to open an Issue.