Sigma2SplunkAlert

Converts Sigma detection rules to a Splunk alert configuration.

7 Sigma2SplunkAlert issues

Using your code to produce a Splunk app, I made some changes focused on analysis. Briefly, I've modified the add_field / add_table part (using sigmac fieldlist output). Feel free to contact...

Hi Patrick, I added a simple setup.py to make it easier to use sigma2splunkalert. In order to avoid conflicts with other packages I thought about moving all configuration...

Greetings, I am having the same issue as another user back in July was having. Following all the instructions and installing the required packages, I run the command against the...

`python Sigma2SplunkAlert --config config/config_new.yml sigma/rules/windows/sysmon` I am using the command to convert the Sigma rule. I am getting the following error: `Failure converting the Sigma File: sigma/rules/windows/sysmon\sysmon_config_modification.yml` Failure converting the...

Hey, I did the following:
1. Install jinja2 and PyYAML on Ubuntu 20.04:
```
sudo apt-get install -y python3-jinja2
sudo apt-get install -y python3-yaml
```
2. Tried to run the...

Hey Patrick, Sigma uses collections, and the output of the Sigma converter places each of the searches in that collection on a new line. This breaks the search syntax in...

Hi Patrick, would it be nice to give one the option to search by index time? So no event would go missing if indexed later. Or did you already implement...