bittib010/YamlCommunityRulesConverter

Limit download of Azure-Sentinel to required folders

Opened this issue · 5 comments

Unnecessary pull of the whole repository takes longer than it could have


Agreed on this one. But I could not seem to find a good enough solution to get this done, as I wanted to simply update the git repository locally to get the latest update without having to download it each time. If you have a cool solution, I'd be happy to test it out! :D

e.g. what I do in my update job

    git clone --filter=blob:none --sparse https://github.com/Azure/Azure-Sentinel
    cd ./Azure-Sentinel
    git sparse-checkout init --cone
    git sparse-checkout set Solutions/

This one was also interesting, but it still downloads many large blobs even when filtering them out. Not sure how this actually works behind the scenes. And the output actually was a bit bigger than your solution. (13k, as I found the rules are mostly 10k and below in size.)

    git clone --filter=blob:limit=13k https://github.com/Azure/Azure-Sentinel.git

@bittib010

Mine sparsely checks out the Solutions/ folder and gets everything within it; yours, on the other hand, simply gets everything excluding the files that exceed 13k (13000 bytes, I guess). Not completely sure whether Solutions/ is the only folder that contains all the new .yaml-format Analytic Rules, but last I checked that was the case.

Nah, there are some rules outside that folder, but not that many. Focusing on Solutions would probably be the best way forward indeed.
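As an added example (not code from the thread or from the YamlCommunityRulesConverter project), the sparse, blob-filtered clone from the update job above wrapped so that the first run clones only the requested folders and every later run just pulls the delta in place, which is what the original request asked for. The repository URL, destination directory and folder list are assumed parameters; `count_yaml` is a hypothetical helper for checking what actually landed on disk.

```shell
#!/bin/sh
# Added example: keep a local, partial checkout of a large repository
# (e.g. Azure/Azure-Sentinel) limited to the folders that hold the rules,
# and refresh it incrementally instead of re-cloning on every run.
set -eu

# sparse_sync URL DEST FOLDER... : clone on the first run, update afterwards.
sparse_sync() {
    url=$1; dest=$2; shift 2
    if [ ! -d "$dest/.git" ]; then
        # --filter=blob:none fetches commits and trees now and file contents
        # only when a path is checked out; --sparse materialises nothing but
        # the top-level files until the cone is widened below.
        git clone --quiet --filter=blob:none --sparse "$url" "$dest"
        git -C "$dest" sparse-checkout init --cone
    fi
    # Declare (or re-declare) the folders we need; cone mode keeps this cheap
    # and only the blobs under these folders are ever downloaded.
    git -C "$dest" sparse-checkout set "$@"
    # On later runs this fetches just the new objects and fast-forwards the
    # working tree, so unchanged rule files are never transferred again.
    git -C "$dest" pull --quiet --ff-only
}

# count_yaml DIR : number of .yaml files actually present in the checkout
# (hypothetical helper, useful to confirm the sparse cone did its job).
count_yaml() {
    find "$1" -name '*.yaml' -type f | wc -l | tr -d ' '
}
```

Run it twice with the same arguments: the second invocation skips the clone and only pulls.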