From 849a537697864375037d19480fc3394c333ec854 Mon Sep 17 00:00:00 2001
From: Patrick Bareiss
Date: Thu, 21 Aug 2025 10:37:43 +0200
Subject: [PATCH 1/2] test
---
 .github/workflows/replay-datasets.yml | 3 +++
 .../disable_lsa_protection_new/disable_lsa_protection_new.yml | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/replay-datasets.yml b/.github/workflows/replay-datasets.yml
index ea575308..8d0ed189 100644
--- a/.github/workflows/replay-datasets.yml
+++ b/.github/workflows/replay-datasets.yml
@@ -26,6 +26,9 @@ jobs:
 with:
 fetch-depth: 0 # Fetch full history for file change detection
+ - name: Pull Git LFS files
+ run: git lfs pull
+
 - name: Set up Python
 uses: actions/setup-python@v4
 with:
diff --git a/datasets/attack_techniques/T1556/disable_lsa_protection_new/disable_lsa_protection_new.yml b/datasets/attack_techniques/T1556/disable_lsa_protection_new/disable_lsa_protection_new.yml
index 847d3678..673414eb 100644
--- a/datasets/attack_techniques/T1556/disable_lsa_protection_new/disable_lsa_protection_new.yml
+++ b/datasets/attack_techniques/T1556/disable_lsa_protection_new/disable_lsa_protection_new.yml
@@ -10,4 +10,5 @@ datasets:
 - name: lsa_reg_deletion_modification.log
 path: /datasets/attack_techniques/T1556/disable_lsa_protection_new/lsa_reg_deletion_modification.log
 sourcetype: 'XmlWinEventLog'
- source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+
From 8399dd606756313c06186a86d39f7e80bde63164 Mon Sep 17 00:00:00 2001
From: Patrick Bareiss
Date: Thu, 21 Aug 2025 11:37:02 +0200
Subject: [PATCH 2/2] update trigger
---
 .github/workflows/replay-datasets.yml | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/.github/workflows/replay-datasets.yml b/.github/workflows/replay-datasets.yml
index 8d0ed189..e3ab77aa 100644
--- a/.github/workflows/replay-datasets.yml
+++ b/.github/workflows/replay-datasets.yml
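Review bot: The `Pull Git LFS files` step added to `.github/workflows/replay-datasets.yml` in PATCH 1/2 runs `git lfs pull` with no path filter, so each run fetches every LFS object in the repository although the job appears (from the `fetch-depth: 0` comment) to act only on changed files. Scoping it, for example `run: git lfs pull --include="datasets/**"` or to the changed paths once they are computed, keeps run time and LFS bandwidth bounded. The step also deserves a comment such as `# Replace LFS pointer files with the real log content before replay`, since without it the job would presumably replay pointer stubs rather than events. The remaining steps of the job are outside this hunk.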
@@ -2,11 +2,7 @@ name: Replay Changed Datasets to Splunk
 on:
 push:
- branches: [ main, master ]
- paths:
- - 'datasets/**'
- pull_request:
- branches: [ main, master ]
+ branches: [ master ]
 paths:
 - 'datasets/**'
 workflow_dispatch:
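Review bot: The narrowed trigger block under `on:` carries no comment recording why `pull_request` was removed, and that reason is what stops a later edit from restoring it: a workflow that replays repository content into Splunk should run only on merged, reviewed changes. I would add a line above `push:` such as `# Runs only after merge to master; do not add pull_request, PR content is unreviewed.` Dropping `main` from `branches` also means the workflow silently stops firing if the default branch is ever renamed, so the comment should state that `master` is intentional. If the job uses secrets (not visible in this hunk), also confirm that it declares a least-privilege `permissions:` block.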