Update ThreatHuntDB with Splunk detections #9
name: Update ThreatHuntDB with Splunk detections
on: workflow_dispatch
jobs:
  update-splunk-detections:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout 🛎️
        uses: actions/checkout@v4 # check out the ThreatHuntDB repo
        with:
          persist-credentials: true
          #ssh-key: ${{ secrets.DEPLOY_KEY }}
      #- shell: bash # query Splunk public API to get latest detections
      - name: Get Splunk detections with curl
        run: |
          curl -o ./data/splunk-detections.json https://content.splunkresearch.com/detections
      - name: Add and commit changes
        run: |
          git config --global user.email "[email protected]"
          git config --global user.name "djjoa"
          git add ./data/splunk-detections.json
          git commit -m "Updated ThreatHuntDB with latest Splunk detections and hunts."
          git push origin main
      # - uses: EndBug/add-and-commit@v9 # commit and add the new Splunk data file to the repo
      #   with:
      #     message: 'Updated Splunk detection file'
      #     add: './data/splunk-detections.json --force'
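The two `run:` steps above download straight into the tracked file and commit it unconditionally. Because `curl` is called without `--fail`, an HTTP error response would be written to `./data/splunk-detections.json` and pushed to `main` as if it were detection content, and a re-run that fetches an unchanged file fails on `git commit` with nothing to commit. The script below is an added example, not the ThreatHuntDB project's own code, of a hardened replacement for those steps: it downloads to a temporary file, refuses anything that is empty or not parseable JSON, and commits only when the content changed. It assumes `jq` or `python3` is available on the runner (both ship with `ubuntu-latest`); the commit identity and the `run` argument guard are placeholders chosen for this example, while the URL and file path are the ones from the workflow.

```shell
#!/usr/bin/env bash
# Added example (not the ThreatHuntDB project's own code): hardened version of
# the "Get Splunk detections with curl" and "Add and commit changes" steps.
# Assumes jq or python3 on the runner; commit identity below is a placeholder.
set -eu

DETECTIONS_URL="https://content.splunkresearch.com/detections"
DETECTIONS_FILE="./data/splunk-detections.json"

# Download into a temp file first so a failed transfer never overwrites the
# committed copy. --fail makes curl exit non-zero on an HTTP error instead of
# saving the error page as data; --max-time bounds a hung runner.
fetch_detections() {
  url="$1"; dest="$2"
  tmp="$(mktemp)"
  curl --fail --silent --show-error --location --max-time 120 \
       --output "$tmp" "$url"
  mv "$tmp" "$dest"
}

# Accept a file only if it is non-empty and parses as a JSON document.
# Returns 0 on success, 1 otherwise, with the reason on stderr.
validate_detections() {
  file="$1"
  if [ ! -s "$file" ]; then
    echo "validate: $file is missing or empty" >&2
    return 1
  fi
  if command -v jq >/dev/null 2>&1; then
    jq -e . "$file" >/dev/null 2>&1 \
      || { echo "validate: $file is not valid JSON" >&2; return 1; }
  else
    python3 -c 'import json, sys; json.load(open(sys.argv[1]))' "$file" 2>/dev/null \
      || { echo "validate: $file is not valid JSON" >&2; return 1; }
  fi
}

# Stage the file and commit only when its content actually changed, so a
# re-run of the workflow does not fail with "nothing to commit".
commit_if_changed() {
  file="$1"
  git add -- "$file"
  if git diff --cached --quiet -- "$file"; then
    echo "commit: $file unchanged, nothing to commit"
    return 0
  fi
  # Placeholder identity for this example; the workflow sets its own.
  git -c user.name="threathuntdb-ci" -c user.email="ci@example.invalid" \
      commit -m "Updated ThreatHuntDB with latest Splunk detections and hunts."
  git push origin main
}

main() {
  fetch_detections "$DETECTIONS_URL" "$DETECTIONS_FILE"
  validate_detections "$DETECTIONS_FILE"
  commit_if_changed "$DETECTIONS_FILE"
}

# The network and git steps run only when invoked as "update.sh run", so the
# functions can be sourced and exercised on local files without side effects.
if [ "${1:-}" = "run" ]; then
  main
fi
```

In the workflow this replaces both `run:` blocks with a single step such as `run: bash ./scripts/update.sh run` (path is an assumption). Validation happens before `git add`, so a non-JSON response from the upstream endpoint fails the job instead of landing on `main`; the downstream consumers of the data file then keep reading the last good copy.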