Github Action

A Github Action is available to use in your Github workflows. You can find the source code for it at, https://github.com/runreveal/detection-sync-action (opens in a new tab).

To use the action you will need to store your generated API token and workspace ID in your Github account to be used as variables in the action. It is recommended to store your API token as a secret so that it remains hidden.

In your Github workflow file you can use the following example to sync your detections.

- name: sync-runreveal-detections
  uses: runreveal/detection-sync-action@v1
  with:
    # The directory containing the detections you want to sync.
    # Should be absolute path or relative to your current directory.
    # Defaults to your current directory
    directory: ./detections
 
    # A RunReveal API token generated with detection edit permissions
    # For best results generate your token with the `cibot` role. 
    token: ${{ secrets.RUNREVEAL_TOKEN }}
 
    # The RunReveal workspace ID to sync the detections with.
    # This workspace should match the workspace the token was generated under.
    workspace: ${{ vars.RUNREVEAL_WORKSPACE }}

Update the token and workspace inputs with the name that you used when creating your secrets/variables. Also make sure the directory listed matches where your detections are located.

When your workflow runs it will sync the files in the directory with your RunReveal account.

As of now, you can only sync one directory per workspace. Any detections not listed in your directory will be automatically removed from your account.

Detections will currently report as being updated even if there's no changes. We're working on reporting exactly what's changing in each detection, so you can see which ones aren't being changed with every sync also.