This GitHub action can be used to validate Microsoft Sentinel Analytics rules in both JSON and YML format.
Add the following code block to your Github workflow:
name: Analytics
on: push
jobs:
pester-test:
name: validate detections
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v3
- name: Validate Sentinel Analytics Rules
uses: SecureHats/validate-detections@v1.3.0
with:
filesPath: templates
logLevel: MinimalThis Action defines the following formal inputs.
| Name | Req | Description |
|---|---|---|
filesPath |
false | Path to the directory that contain the files to be tested, relative to the root of the project. This path is optional and defaults to the project root, in which case all files across the entire project tree will be discovered. |
logLevel |
false | This indicates the verbosity of the testing engine. The default is set to Normal which shows all the passed and failed tests in the output. Optional values are None, Minimal, Normal, Detailed, Diagnostic When using Minimal only non-passed test results will be shown. The available verbosity options are based on the pester documentation. |
- No support for Hunting Queries
- No support for Fusion rules