LivingInSyn / RMML

A list of RMMs designed to be used in automation to build alerts
MIT License

Feature Request: Generate JSON object from YAML files in Workflow #27

Closed Korving-F closed 4 weeks ago

Korving-F commented 1 month ago

Consuming the entire project is typically easier when using JSON objects (e.g., tools like Sentinel / Defender can make use of an externaldata operator).

It would be nice to see the YAML files being converted into a consumable JSON object through your GitHub workflows.

See for example Sysmon and Loldrivers. This last one also ties into #17 since it shows an example for the auto sigma-rule creation logic.

See below a quick snippet I used to generate it for myself.

```python
import json
from pathlib import Path

import yaml  # PyYAML

# Read in all RMM-definition files (sorted so the output order is stable across runs)
files = sorted(Path('./RMMs').rglob('*.yml'))

# Initialize final JSON array
final_json_object = []

# Go over each file and append the YAML object
for file in files:
    with open(file, 'r', encoding='utf-8') as yaml_in:
        yaml_object = yaml.safe_load(yaml_in)
    # An empty file loads as None; skip it rather than emit a null entry
    if yaml_object is not None:
        final_json_object.append(yaml_object)

# Write out the final JSON to file
with open('rmm.json', 'w', encoding='utf-8') as f:
    json.dump(final_json_object, f)
```

```
# requires dependency installation
$ pip install pyyaml
```

P.S. Awesome project and congratulations ^_^

LivingInSyn commented 1 month ago

Would you want to see each RMM as an individual JSON file or one file with all of the RMMs?

Korving-F commented 1 month ago

One file with all of them combined.

LivingInSyn commented 4 weeks ago

Fixed in v1.4.0

https://github.com/LivingInSyn/RMML/releases/tag/v1.4.0