Skip to content

Nterl0k - T1595 - Generic Scanning Behavior #1620

Nterl0k - T1595 - Generic Scanning Behavior

Nterl0k - T1595 - Generic Scanning Behavior #1620

Workflow file for this run

name: appinspect
on:
pull_request_target:
types: [opened, reopened, synchronize]
jobs:
appinspect:
runs-on: ubuntu-latest
steps:
- name: Check out the repository code
uses: actions/checkout@v4
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- uses: actions/setup-python@v5
with:
python-version: '3.11'
architecture: 'x64'
- name: Install Python Dependencies and ContentCTL and Atomic Red Team
run: |
pip install contentctl>=4.0.0
git clone --depth=1 --single-branch --branch=master https://github.com/redcanaryco/atomic-red-team.git external_repos/atomic-red-team
git clone --depth=1 --single-branch --branch=master https://github.com/mitre/cti external_repos/cti
- name: Running appinspect with enrichments
env:
APPINSPECTUSERNAME: "${{ secrets.APPINSPECTUSERNAME }}"
APPINSPECTPASSWORD: "${{ secrets.APPINSPECTPASSWORD }}"
run: |
echo $APPINSPECTUSERNAME
contentctl inspect --splunk-api-username "$APPINSPECTUSERNAME" --splunk-api-password "$APPINSPECTPASSWORD" --stack_type victoria --enrichments --enable-metadata-validation --suppress-missing-content-exceptions
echo "done appinspect"
mkdir -p artifacts/app_inspect_report
cp -r dist/*.html artifacts/app_inspect_report
cp -r dist/*.tar.gz artifacts/
- name: store_artifacts
uses: actions/upload-artifact@v4
with:
name: content-latest
path: |
artifacts/DA-ESS-ContentUpdate-latest.tar.gz
artifacts/app_inspect_report