Initial version

.github/FUNDING.yml

@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: [thomaspatzke]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

.github/workflows/release.yml

@@ -0,0 +1,39 @@
+name: Release to PyPI
+on:
+  release:
+    types: [published]
+  push:
+    tags:
+      - v*.*.*
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-20.04
+    environment: release
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.11'
+      - name: Install Poetry
+        run: pipx install poetry
+      - name: Verify versioning
+        run: |
+          [ "$(poetry version -s)" == "${GITHUB_REF#refs/tags/v}" ]
+      - name: Install dependencies
+        run: poetry install
+      - name: Run tests
+        run: poetry run pytest
+      - name: Build packages
+        run: poetry build
+      - name: Publish to test PyPI
+        if: ${{ github.event_name == 'push' }}
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/
+      - name: Publish to PyPI
+        if: ${{ github.event_name == 'release' }}
+        uses: pypa/gh-action-pypi-publish@release/v1

.github/workflows/test.yml

@@ -0,0 +1,28 @@
+name: Test
+on:
+  push:
+    branches: [ "*" ]
+  pull_request:
+    branches: [ "*" ]
+  workflow_dispatch:
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        os: [ 'ubuntu-20.04' ]
+        python-version: [ '3.8', '3.9', '3.10', '3.11', '3.12' ]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Poetry
+        run: pipx install poetry
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: poetry
+      - name: Install dependencies
+        run: poetry install
+      - name: Run tests
+        run: poetry run pytest --cov=sigma --cov-report term --cov-report xml:cov.xml -vv

pyproject.toml

@@ -0,0 +1,16 @@
+[tool.poetry]
+name = "pysigma-pipeline-crowdstrike"
+version = "2.0.0"
+description = "Placeholder for legacy CrowdStrike pipeline project obsoleted by backend"
+authors = ["Thomas Patzke <[email protected]>"]
+license = "LGPL-2.1-only"
+readme = "README.md"
+
+[tool.poetry.dependencies]
+python = "^3.8"
+pysigma-backend-crowdstrike = "*"
+
+
+[build-system]
+requires = ["poetry-core"]
+build-backend = "poetry.core.masonry.api"

tests/test_crowdstrike.py

@@ -0,0 +1,14 @@
+from sigma.backends.crowdstrike import LogScaleBackend
+from sigma.pipelines.crowdstrike import (
+    crowdstrike_fdr_pipeline,
+    crowdstrike_falcon_pipeline,
+)
+
+def test_backend_logscale():
+    assert LogScaleBackend()
+
+def test_pipeline_fdr():
+    assert crowdstrike_fdr_pipeline()
+
+def test_pipeline_falcon():
+    assert crowdstrike_falcon_pipeline()