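version: '3'

# Tool versions: Go is pinned in .tool-versions at the repo root (golang 1.21.13),
# and event-generator is managed via the install-tools task.
# Use `mise install` or `asdf install` to activate Go.

vars:
  # Single source of truth for the Go toolchain used by the harness tasks.
  # Keep in sync with .tool-versions at the repo root.
  GO_VERSION: '1.21.13'
  # mise is invoked by absolute-ish path so the tasks work even when it is not on PATH.
  MISE_BIN: '~/.local/bin/mise'
  # Release of falcosecurity/event-generator installed by install-tools.
  EVENT_GENERATOR_VERSION: '0.12.0'

tasks:
  install-tools:
    desc: Install the falcosecurity event-generator binary
    cmds:
      - |
        set -euo pipefail
        if [ ! -x ./event-generator ]; then
          # The release tarball is fetched over HTTPS (downgrade redirects refused) but is
          # NOT checksum-verified. Pin the published sha256 for this version and verify it
          # before the binary is used; the placeholder below is where that check belongs.
          # EXPECTED_SHA256="<sha256 of event-generator_{{.EVENT_GENERATOR_VERSION}}_linux_amd64.tar.gz>"
          wget --https-only -qO- "https://github.com/falcosecurity/event-generator/releases/download/v{{.EVENT_GENERATOR_VERSION}}/event-generator_{{.EVENT_GENERATOR_VERSION}}_linux_amd64.tar.gz" | tar xvz event-generator
          chmod +x event-generator
        fi
    status:
      # Matches the guard above: a zero-byte or non-executable leftover triggers a reinstall.
      - test -x ./event-generator

  test-osquery:
    desc: Verify osquery configuration using osqtool
    cmds:
      - '{{.MISE_BIN}} exec go@{{.GO_VERSION}} -- go test -v ./tests/harness_test.go -run TestSecurityHarnesses/test-osquery'

  test-falco:
    desc: Run event-generator to test Falco rules
    deps:
      - install-tools
    cmds:
      # Exit status is deliberately NOT ignored: a failing Falco harness fails this task
      # (and the pipeline). Running locally without root is expected to fail loudly
      # rather than pass silently.
      - '{{.MISE_BIN}} exec go@{{.GO_VERSION}} -- go test -v ./tests/harness_test.go -run TestSecurityHarnesses/test-falco'

  test:
    desc: Run minimal tests for osqtool and event-generator
    cmds:
      - task: test-osquery
      - task: test-falco
      - task: test-detection-coverage

  bootstrap-caldera:
    desc: Clone CALDERA and initialize stockpile ability data under .data/
    cmds:
      - uv run python tools/caldera_otel_harness.py bootstrap

  list-safe-caldera-abilities:
    desc: List curated Linux-safe CALDERA stockpile abilities for host execution
    cmds:
      - uv run python tools/caldera_otel_harness.py list-safe-abilities

  test-host-emulation:
    desc: Execute a safe CALDERA ability on the host and verify OTEL trace ingestion
    cmds:
      - uv run python -m pytest tests/test_caldera_otel_integration.py --run-stack --run-host-emulation -v

  test-caldera-detection-coverage:
    desc: Run CALDERA live coverage tests and write a JSON coverage artifact
    cmds:
      - uv run python -m pytest tests/test_caldera_detection_coverage.py tests/test_caldera_otel_integration.py --run-stack --run-host-emulation -v

  test-detection-coverage:
    desc: Validate MITRE tagging and structural coverage of Falco + OSquery configs (static, no live stack)
    cmds:
      - uv run python -m pytest tests/test_detection_coverage.py tests/test_falco_rules.py tests/test_osquery_config.py -v

  trigger-detections:
    desc: Safely trigger each custom detection rule and validate alert pipeline
    vars:
      FILTER: '{{.FILTER | default "all"}}'
    cmds:
      # FILTER comes from the command line; shell-quote it so spaces or shell
      # metacharacters reach the script as a single literal argument.
      - bash ./tools/trigger-detections.sh {{.FILTER | shellQuote}}

  update-yara:
    desc: Download and update YARA rules from Abuse.ch
    cmds:
      - bash ./tools/update_yara_rules.sh

  sync-oo-export:
    desc: Export dashboards and alerts from OpenObserve to local directory
    cmds:
      - bash ./tools/oo-dashboards.sh export
      - bash ./tools/oo-alerts.sh export

  sync-oo-import:
    desc: Import dashboards and alerts from local directory to OpenObserve
    cmds:
      # Destination must exist before alerts referencing it are imported.
      - bash ./tools/oo-alerts.sh setup-destination
      - bash ./tools/oo-dashboards.sh import
      - bash ./tools/oo-alerts.sh import

  test-alerts:
    desc: Send a test notification through the webhook receiver
    cmds:
      - bash ./tools/oo-alerts.sh test

  oo-alerts-export:
    desc: Export OpenObserve alert definitions to local directory for GitOps
    cmds:
      - bash ./tools/oo-alerts.sh export

  oo-alerts-import:
    desc: Import OpenObserve alert definitions from local directory
    cmds:
      - bash ./tools/oo-alerts.sh import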