from datetime import datetime
from sigma.collection import SigmaCollection
# Rule directories (relative to the repository root) that are scanned for
# promotion candidates; resolved into concrete files by SigmaCollection.
path_to_rules = ["rules", "rules-emerging-threats", "rules-placeholder", "rules-threat-hunting", "rules-compliance"]
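def get_rules_to_promote(min_age_days=300, rule_collection=None):
    """Return the source paths of experimental rules old enough to be promoted.

    A rule qualifies when ``str(rule.status)`` is ``"experimental"`` and its
    most recent date (``modified`` when set, otherwise ``date``) lies at least
    ``min_age_days`` days before today. Rules that carry neither date are
    skipped instead of aborting the whole run with an AttributeError.

    Args:
        min_age_days: Minimum age in days since the rule's last date. Defaults
            to 300, the threshold the script previously hard-coded.
        rule_collection: Optional iterable of already-loaded Sigma rules (useful
            for testing or for promoting a subset). When ``None`` the rules
            under ``path_to_rules`` are loaded with ``SigmaCollection`` using
            ``collect_errors=True``. NOTE(review): with ``collect_errors=True``
            a rule that failed validation is still iterated here; confirm that
            is the intended behaviour before promoting it.

    Returns:
        list of ``rule.source.path`` values for qualifying rules, in
        collection order.
    """
    if rule_collection is None:
        rule_paths = SigmaCollection.resolve_paths(path_to_rules)
        rule_collection = SigmaCollection.load_ruleset(rule_paths, collect_errors=True)

    # Compare at day granularity: the original formatted both sides as
    # "%Y/%m/%d" and re-parsed them, which is equivalent to date arithmetic.
    today = datetime.today().date()
    rules_to_promote = []
    for rule in rule_collection:
        if str(rule.status) != "experimental":
            continue
        last_update = rule.modified if rule.modified else rule.date
        if last_update is None:
            # Neither `modified` nor `date` is set; leave the rule alone.
            continue
        if isinstance(last_update, datetime):
            # A datetime subclasses date but cannot be subtracted from one.
            last_update = last_update.date()
        if (today - last_update).days >= min_age_days:
            rules_to_promote.append(rule.source.path)
    return rules_to_promote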
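def promote_rules(rules_to_promote):
    """Rewrite each listed rule file in place, turning ``status: experimental`` into ``status: test``.

    Only the substring ``"\\nstatus: experimental"`` is replaced, exactly as
    before, so a status line on the very first line of a file, or one written
    with different spacing, is left untouched. Files whose content would not
    change are no longer rewritten, so their mtime is preserved and a file is
    never truncated for a no-op.

    Args:
        rules_to_promote: iterable of file paths (``str`` or ``Path``) to edit.

    Returns:
        list of the paths that were actually modified, in input order.
    """
    changed = []
    for file_ in rules_to_promote:
        with open(file_, "r", encoding="utf8") as f:
            original = f.read()
        updated = original.replace("\nstatus: experimental", "\nstatus: test")
        if updated == original:
            # Nothing to promote in this file; skip the write entirely.
            continue
        with open(file_, "w", encoding="utf8") as f:
            f.write(updated)
        changed.append(file_)
    return changed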
if __name__ == "__main__":
    # Collect the stale experimental rules, then rewrite their status in place.
    promote_rules(get_rules_to_promote())