lgc validate

The lgc validate command ensures the detection files are correctly formatted, typed and consistent. In short, the validate command is similar to a linter in software engineering: it flags errors and suspicious constructs.

```bash
~$ lgc validate
INFO all good, no problems identified
~$
```

Now, let's assume a Splunk detection in which we defined the field disabled, which takes a boolean. For this demonstration, we are going to set this parameter to yes, which is an incorrect value for this field.

```yaml
name: My Sample Detection

rules:
    splunk:
        app: SA-ButterCup-App
        savedsearch:
            ...
            disabled: yes
            ...
```

Now, let's run the validate command:

```bash
~$ lgc validate
error[E2G22]: TypeError
| disabled: yes
| ^ expected bool, got str(yes)
~$
```

Without leaving your workstation or the CI/CD pipeline, lgc is able to determine that the parameter disabled is set to an inconsistent value 🎉.
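
To make the kind of check behind the TypeError above concrete, here is an added example (not lgc's own code or schema) of a strict, schema-driven type check over an already-parsed detection. The `SCHEMA` mapping, the `check` function and both sample documents are assumptions built only from the fields shown on this page.

```python
# Added illustration: a minimal strict type check, not lgc's implementation.
# SCHEMA is an assumption that covers only the fields shown on this page.
SCHEMA = {
    "name": str,
    "rules": {
        "splunk": {
            "app": str,
            "savedsearch": {"disabled": bool},
        },
    },
}


def check(doc, schema=SCHEMA, path=""):
    """Walk doc alongside schema and return one message per type mismatch."""
    errors = []
    for key, expected in schema.items():
        if key not in doc:
            continue  # only types are checked here, not required fields
        where = f"{path}.{key}" if path else key
        value = doc[key]
        if isinstance(expected, dict):
            if isinstance(value, dict):
                errors += check(value, expected, where)
            else:
                errors.append(f"{where}: expected mapping, "
                              f"got {type(value).__name__}({value})")
        elif type(value) is not expected:
            # Exact type match: "yes", "true" or 1 are never coerced to a bool.
            errors.append(f"{where}: expected {expected.__name__}, "
                          f"got {type(value).__name__}({value})")
    return errors


# Constructed sample documents, given as parsed mappings. BAD carries the
# string "yes" for disabled, matching what the validate output above reports.
BAD = {"name": "My Sample Detection",
       "rules": {"splunk": {"app": "SA-ButterCup-App",
                            "savedsearch": {"disabled": "yes"}}}}
GOOD = {"name": "My Sample Detection",
        "rules": {"splunk": {"app": "SA-ButterCup-App",
                             "savedsearch": {"disabled": False}}}}

if __name__ == "__main__":
    for message in check(BAD):
        print(message)
```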