atc-project / atomic-threat-coverage

Actionable analytics designed to combat threats
Apache License 2.0

make fails: Wrong assumption regarding the existence of two dirs in the Sigma-repo #231

Closed krejac closed 2 years ago

krejac commented 2 years ago

When executing make (without parameters) on a fresh pull of the repo it fails because of a wrong assumption regarding the existence of two dirs: detection_rules/sigma/rules/windows/malware and detection_rules/sigma/rules/windows/other (which doesn't exist at the Sigma-repo anymore).

[*] Creating markdown repository and pushing data
python3 main.py --markdown --auto --init
Traceback (most recent call last):
  File "main.py", line 5, in <module>
    from scripts.populatemarkdown import PopulateMarkdown
  File "/[path-to-repo]/atomic-threat-coverage/scripts/populatemarkdown.py", line 10, in <module>
    from scripts.customer import Customer
  File "/[path-to-repo]/atomic-threat-coverage/scripts/customer.py", line 24, in <module>
    rules, paths = ATCutils.load_yamls_with_paths(dr_path)
  File "/[path-to-repo]/atomic-threat-coverage/scripts/atcutils.py", line 222, in load_yamls_with_paths
    yamls = [join(path, f) for f in listdir(path) if isfile(
FileNotFoundError: [Errno 2] No such file or directory: 'detection_rules/sigma/rules/windows/malware'
make: *** [Makefile:47: markdown] Error 1

If I comment out the git submodule part of the setup_repo-part of the makefile and create the two dirs manually it works fine. :)

krejac commented 2 years ago

... and a WAY better way to get around this would be to just remove those two directories from config.yml (or config.default.yml) line 15+16.
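The failure in the traceback comes from calling `listdir()` on a configured rule directory that no longer exists upstream. The sketch below is an added example, not code from the issue or from the project: it shows a loader that reports missing directories instead of crashing, so a removed rule path shows up as a visible coverage gap. The function name `list_rule_files` and the sample directory layout are assumptions constructed for the demonstration.

```python
import os
import tempfile
from os import listdir
from os.path import isdir, isfile, join


def list_rule_files(rule_dirs):
    """Return (yaml_paths, missing_dirs) for the configured rule directories.

    Hypothetical helper: a directory that does not exist is recorded in
    missing_dirs rather than raising FileNotFoundError from listdir().
    """
    yaml_paths, missing_dirs = [], []
    for path in rule_dirs:
        if not isdir(path):
            missing_dirs.append(path)
            continue
        for name in sorted(listdir(path)):
            full = join(path, name)
            if isfile(full) and name.endswith((".yml", ".yaml")):
                yaml_paths.append(full)
    return yaml_paths, missing_dirs


def demo():
    """Build a constructed rule tree with one present and one removed dir."""
    with tempfile.TemporaryDirectory() as root:
        present = join(root, "rules", "windows", "process_creation")
        os.makedirs(present)
        with open(join(present, "example_rule.yml"), "w") as fh:
            fh.write("title: constructed sample rule\n")
        # Configured but absent, like the 'malware' dir in the traceback.
        removed = join(root, "rules", "windows", "malware")
        found, missing = list_rule_files([present, removed])
        return ([os.path.relpath(p, root) for p in found],
                [os.path.relpath(m, root) for m in missing])


if __name__ == "__main__":
    found, missing = demo()
    print("rule files:", found)
    for path in missing:
        # Surface the gap: rules expected from this path are not loaded.
        print("WARNING: configured rule directory not found:", path)
```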