
Failure to convert error

Open turnerdb opened this issue 3 years ago • 2 comments

Greetings, I am having the same issue as another user back in July was having. Following all the instructions and installing the required packages, I run the command against the included rules and it just tells me:

./sigma2splunkalert rules/lnx_shell_clear_cmd_history.yml

Failure converting the Sigma File: rules/lnx_shell_clear_cmd_history.yml

I even did it again using the -c and -sc and N arguments and then I get code execution issues:

./sigma2splunkalert -sc splunk rules/lnx_shell_clear_cmd_history.yml N -c CONFIG

Traceback (most recent call last):
  File "./sigma2splunkalert", line 142, in <module>
    main(sys.argv)
  File "./sigma2splunkalert", line 55, in main
    sigma2splunkalertconfig = openSigma2SplunkConfiguration(converter_config_path)
  File "./sigma2splunkalert", line 107, in openSigma2SplunkConfiguration
    with open(converter_config_path, 'r') as stream:
FileNotFoundError: [Errno 2] No such file or directory: 'CONFIG'

It would be greatly appreciated to get some assistance with this. We'd really love to use this to convert an absurd amount of rules into a savedsearch.conf.

Thanks, Devin.

turnerdb, Oct 25 '21 20:10
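The traceback in the report above shows that the converter passes whatever follows -c straight to open(): the literal string 'CONFIG' (a placeholder from the usage text) is treated as a file name, and the missing sigmatools install that the reply below points at fails earlier and less visibly. The following preflight check is an added example, not code from the sigma2splunkalert project or from anyone in this thread; it assumes the legacy sigmatools package is importable as sigma.parser.collection (the import the converter relies on) and uses a constructed throw-away config and rule file so it runs offline.

```python
"""Preflight checks for a sigma2splunkalert run (added example, not the
project's own code).  Assumptions: legacy sigmatools exposes the module
sigma.parser.collection; the -c argument is a path to a YAML converter
config; rule files end in .yml/.yaml."""
import importlib.util
import tempfile
from pathlib import Path


def check_config_path(converter_config_path):
    """Validate the value passed to -c before it reaches open().

    Returns (ok, message).  The word CONFIG is rejected explicitly because it
    is the placeholder from the usage text, which is what the traceback shows.
    """
    if converter_config_path.strip().upper() == "CONFIG":
        return False, "-c expects a path to the converter config file; 'CONFIG' is a placeholder"
    path = Path(converter_config_path)
    if not path.is_file():
        return False, f"converter config not found: {path}"
    return True, f"converter config: {path}"


def check_sigmatools():
    """Return (ok, message) telling whether legacy sigmatools is importable.

    find_spec() on the dotted name raises ModuleNotFoundError when the top-level
    'sigma' package is absent and returns None when the parent exists but the
    submodule does not (pySigma also ships a 'sigma' package, so the submodule
    is what we check).  Assumption: sigma.parser.collection is the right probe.
    """
    try:
        spec = importlib.util.find_spec("sigma.parser.collection")
    except ModuleNotFoundError:
        spec = None
    if spec is None:
        return False, "legacy sigmatools not importable; run: pip3 install sigmatools"
    return True, "sigmatools importable"


def check_rule_files(rule_paths):
    """Return (ok, messages) for each Sigma rule path the converter will read."""
    ok, messages = True, []
    for rule in rule_paths:
        path = Path(rule)
        if not path.is_file():
            ok, messages = False, messages + [f"rule file not found: {path}"]
        elif path.suffix.lower() not in (".yml", ".yaml"):
            ok, messages = False, messages + [f"not a Sigma rule file (expected .yml): {path}"]
        else:
            messages.append(f"rule file: {path}")
    return ok, messages


def preflight(converter_config_path, rule_paths):
    """Run every check; return a list of (check_name, ok, message)."""
    cfg_ok, cfg_msg = check_config_path(converter_config_path)
    tools_ok, tools_msg = check_sigmatools()
    rules_ok, rule_msgs = check_rule_files(rule_paths)
    return [
        ("config", cfg_ok, cfg_msg),
        ("sigmatools", tools_ok, tools_msg),
        ("rules", rules_ok, "; ".join(rule_msgs)),
    ]


def demo():
    """Constructed input: a throw-away config and rule file in a temp dir.

    Returns (good_run, bad_run): the same rule with a real config path, and
    with the literal 'CONFIG' placeholder from the report.
    """
    tmp = Path(tempfile.mkdtemp())
    config = tmp / "config.yml"
    config.write_text("# constructed sample converter config\n")
    rule = tmp / "lnx_shell_clear_cmd_history.yml"
    rule.write_text("title: constructed sample rule\n")
    good_run = preflight(str(config), [str(rule)])
    bad_run = preflight("CONFIG", [str(rule)])
    return good_run, bad_run


if __name__ == "__main__":
    for label, run in zip(("real config path", "literal CONFIG"), demo()):
        print(label)
        for name, ok, message in run:
            print(f"  [{'ok' if ok else 'FAIL'}] {name}: {message}")
```

Run the script as-is to see both invocations side by side; the sigmatools line will read FAIL on a machine where only pySigma, or nothing, is installed, which is the silent precondition the thread is about.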

Devin,

I had a similar issue with that error and in my case the sigmatools were not installed for Python:

pip3 install sigmatools

jslagrew, Nov 18 '21 21:11

I am having the same issue and I did install sigmatools but it still shows the error.

rahmanonik18, May 10 '23 03:05