
Feature idea: sigma export

Open ruppde opened this issue 2 years ago • 4 comments

hi RMML people,

the perfect addition would be a converter script to Sigma (https://github.com/SigmaHQ/sigma) because then Sigma could create rules for Carbon Black and many more security tools like Splunk, QRadar, Azure, ... see https://sigconverter.io/

regards arnim

ruppde avatar Nov 28 '23 18:11 ruppde

Definitely interested in this as the next integration

LivingInSyn avatar Nov 28 '23 18:11 LivingInSyn

cool!

if you need examples, just search for some of the existing rules, e.g.:

https://github.com/search?q=repo%3ASigmaHQ%2Fsigma%20teamviewer&type=code

https://github.com/search?q=repo%3ASigmaHQ%2Fsigma+anydesk&type=code

ruppde avatar Nov 28 '23 21:11 ruppde

@ruppde check out the sigma branch. I'm not sold on converting the rule format to Sigma natively yet, but I'm going to try translating them in CI

LivingInSyn avatar Sep 21 '24 17:09 LivingInSyn

fyi, there's a similar project in the works: https://x.com/M_haggis/status/1825947732382712231

ruppde avatar Sep 23 '24 08:09 ruppde