yml-to-spl.groovy
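// Jenkins declarative pipeline: clones the SigmaHQ rule repository and converts
// every Sigma rule under rules/ into a Splunk query (.spl) next to the original,
// using the sigma CLI with the splunk target and the sysmon processing pipeline.
// Rules that fail to convert are skipped (best effort) and listed in
// sigma-conversion-failures.txt so that gaps in detection coverage are visible.
pipeline {
    agent any

    environment {
        GIT_REPO_URL = 'https://github.com/SigmaHQ/sigma'
    }

    stages {
        stage('Clean Workspace') {
            steps {
                // Start from an empty workspace so stale .spl files from an
                // earlier run cannot be mistaken for fresh conversions.
                cleanWs()
                echo "Workspace cleaned."
            }
        }

        stage('Clone Repository') {
            steps {
                // NOTE(review): this tracks the moving 'master' branch of an
                // external repository. If the converted queries are deployed
                // without further review, pin the checkout to a reviewed commit
                // or tag so that upstream changes cannot alter detections unnoticed.
                git branch: 'master', url: "$GIT_REPO_URL"
                echo "Repository cloned: $GIT_REPO_URL"
            }
        }

        stage('Process YAML Files') {
            steps {
                sh '''
                    set -e # Exit on error
                    echo "Starting YAML processing..."

                    # Directory where Sigma rules are stored
                    RULES_DIR="${WORKSPACE}/rules"
                    # One line per rule that could not be converted
                    FAILED_LIST="${WORKSPACE}/sigma-conversion-failures.txt"

                    # Fail early when the converter is missing; otherwise every
                    # rule would be reported as a conversion failure and the
                    # build would still end green with nothing converted.
                    if ! command -v sigma >/dev/null 2>&1; then
                        echo "sigma CLI not found on PATH; cannot convert rules." >&2
                        exit 1
                    fi

                    # find runs on the left side of a pipe, so its exit status
                    # is not seen by set -e; check the directory explicitly.
                    if [ ! -d "$RULES_DIR" ]; then
                        echo "Rules directory not found: $RULES_DIR" >&2
                        exit 1
                    fi

                    : > "$FAILED_LIST"

                    # Find all .yml files (regular files only). IFS= and -r keep
                    # leading whitespace and backslashes in file names intact.
                    find "$RULES_DIR" -type f -name '*.yml' | while IFS= read -r file; do
                        echo "Processing file: $file"

                        # Set output .spl file path
                        spl_file="${file%.yml}.spl"

                        # Attempt conversion
                        if ! sigma convert -t splunk -p sysmon "$file" -o "$spl_file"; then
                            echo "Conversion failed for: $file"
                            echo "Skipping this file and moving to the next."
                            # Drop any partial output the converter may have left
                            # so it cannot be picked up as a valid query later.
                            rm -f "$spl_file"
                            # The loop runs in a subshell (pipe), so failures are
                            # recorded in a file rather than in a shell variable.
                            echo "$file" >> "$FAILED_LIST"
                            continue # Skip the current file and continue with the next one
                        fi

                        echo "Conversion successful: $file -> $spl_file"

                        # Remove the original YAML file
                        rm -f "$file"
                    done

                    # Conversion stays best effort, but the gaps are reported.
                    if [ -s "$FAILED_LIST" ]; then
                        echo "Rules that could not be converted: $(wc -l < "$FAILED_LIST") (see $FAILED_LIST)"
                    fi

                    echo "YAML processing completed."
                '''
            }
        }
    }

    post {
        always {
            echo "Pipeline completed."
        }
        success {
            echo "Pipeline executed successfully."
        }
        failure {
            echo "Pipeline execution failed. Please check the logs for details."
        }
    }
}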