diff --git a/.github/workflows/integrate_rulesets.yml b/.github/workflows/integrate_rulesets.yml
index 6d14502..27c3b29 100644
--- a/.github/workflows/integrate_rulesets.yml
+++ b/.github/workflows/integrate_rulesets.yml
@@ -1,30 +1,31 @@
-name: Update Rulesets on SIEM
+name: Deploy Rulesets to Wazuh Cloud
+
 on:
 push:
- branches: [ "main" ]
- paths: ["**.xml"]
+ branches: ["main"]
+ paths: ["rules/**.xml", "decoders/**.xml"]
 workflow_dispatch:
 jobs:
-
- DaaC:
+ deploy:
 runs-on: ubuntu-latest
+
 steps:
- - name: Apply modified or new decoders and rules to SIEM
- uses: appleboy/ssh-action@v1.0.0
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Set up Python
+ uses: actions/setup-python@v4
 with:
- host: ${{ secrets.HOST }}
- username: ${{ secrets.USERNAME }}
- key: ${{ secrets.SSH_KEY }}
- port: ${{ secrets.PORT }}
- script: |
- sudo bash -c '
- cd /var/ossec/etc/
- git pull origin main
- chown wazuh:wazuh /var/ossec/etc/decoders/* && chmod 660 /var/ossec/etc/decoders/*
- chown wazuh:wazuh /var/ossec/etc/rules/* && chmod 660 /var/ossec/etc/rules/*
- sudo systemctl restart wazuh-manager \
- && echo "Ruleset apply SUCCESS!!! - Wazuh manager restarted successfully." \
- || echo "Ruleset apply FAILURE!!! - Wazuh manager failed to restart, check ruleset for error..."
- sudo systemctl status wazuh-manager -l --no-pager
- '
\ No newline at end of file
+ python-version: "3.10"
+
+ - name: Install dependencies
+ run: pip install requests
+
+ - name: Deploy rules and decoders to Wazuh Cloud
+ env:
+ WAZUH_API_URL: ${{ secrets.WAZUH_API_URL }}
+ WAZUH_USER: ${{ secrets.WAZUH_API_USER }}
+ WAZUH_PASSWORD: ${{ secrets.WAZUH_API_PASSWORD }}
+ run: |
+ python deploy_to_wazuh.py
diff --git a/rules/test_rule.xml b/rules/test_rule.xml
new file mode 100644
index 0000000..0a06fc6
--- /dev/null
+++ b/rules/test_rule.xml
@@ -0,0 +1,6 @@
+
+ RaC test rule - safe to delete
+ no_full_log
+
+
\ No newline at end of file
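Review bot: The new `deploy` job runs with the repository's default GITHUB_TOKEN permissions because the workflow declares no `permissions:` block, and both `uses:` lines are pinned to mutable major tags (`actions/checkout@v3`, `actions/setup-python@v4`) rather than commit SHAs, so a retagged or compromised action release would execute with whatever access the default token grants. Add a top-level `permissions:` / `  contents: read` pair, and pin each action to a full-length commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<FULL_COMMIT_SHA>  # v3` (placeholder — use the SHA of the release you intend). The same reproducibility point applies to `run: pip install requests`, which installs whatever version is current at run time; `pip install requests==<VERSION>` (placeholder) keeps the deploy step reproducible. Note that `deploy_to_wazuh.py` is outside this diff and the `paths:` filter matches only `rules/**.xml` and `decoders/**.xml`, so a change to the deploy script or to this workflow file will not trigger a deployment on push; if that is intentional it deserves a comment above the `paths:` line. Since every push to `main` now deploys straight to the SIEM, attaching the job to a protected `environment:` and a `concurrency:` group would keep overlapping or unreviewed runs from racing each other.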