Export deprecated rules in JSON

[ariel-anieli]

Summary of the Pull Request

Hello maintainers,

This is my first ever PR to the project; your feedback is much appreciated.

I have added JSON as export format for deprecated rules.

Changelog

chore: tests/deprecated_rules.py - add json output format
chore: add deprecated/deprecated.json
chore: update README and workflow job accordingly

Example Log Event

Fixed Issues

SigmaHQ Rule Creation Conventions

• If your PR adds new rules, please consider following and applying these conventions

[github-actions]

Welcome @ariel-anieli 👋

It looks like this is your first pull request on the Sigma rules repository!

Please make sure to read the SigmaHQ conventions document to make sure your contribution is adhering to best practices and has all the necessary elements in place for a successful approval.

Thanks again, and welcome to the Sigma community! 😃

[phantinuss]

Hi @ariel-anieli,

I am curious about the motivation to add this? What is your use case?

[ariel-anieli]

Hi @ariel-anieli,

I am curious about the motivation to add this? What is your use case?

Hi @phantinuss, thanks for your feedback. My aim was to improve the developer experience.

Does this fit into the roadmap of the project? Please let me know; if not, I'll then drop the PR.

[phantinuss]

I am just curious about how or if these files are used as I know of no feedback. In general I don't like adding complexity for no reason but you write clean and readable code and the work is already done. So ofc we will make use of it. But I cannot promise that it will always be the case.

I made two changes:
a) if modified doesn't exist, we use date over now() as the script is regularly run and I don't want to have diffs to show up for these rules (I also updated the workflow accordingly)
b) I added a secondary sort key as different systems/python versions will probably sort non-deterministically for rules that use the same modified date

Thanks for contributing. If you are looking for ways to contribute to the Sigma project, maybe you want to join the discord server and can ask/discuss for ways to do so.

[ariel-anieli]

I am just curious about how or if these files are used as I know of no feedback. In general I don't like adding complexity for no reason but you write clean and readable code and the work is already done. So ofc we will make use of it. But I cannot promise that it will always be the case.

Sure, I do understand that. Thanks for your feedback.

I made two changes: a) if modified doesn't exist, we use date over now() as the script is regularly run and I don't want to have diffs to show up for these rules (I also updated the workflow accordingly) b) I added a secondary sort key as different systems/python versions will probably sort non-deterministically for rules that use the same modified date

Wonderful.

Thanks for contributing. If you are looking for ways to contribute to the Sigma project, maybe you want to join the discord server and can ask/discuss for ways to do so.

Of course, @phantinuss; I have just joined the server. See you there!