Émilio Gonzalez
Hello Resilient devs! We are currently using Resilient where I work, and I've been developing a lot of customizations lately. Because we versionize our customizations, we had to do a...
I'm getting my hands on correlations and am trying to support that in our PySigma Backend. Given this rule taken from the official sigma-specification repo: ```yaml title: Correlation - Multiple...
Currently, it is not supported to use `sigma convert --pipeline ./my_pipelines_directory [...]`. We're starting to use processing pipelines internally and I wanted to segment processing pipelines by files in a...
The `ocsf.py` file implements a non-standard mapping rule definition. Since CrowdStrike is a contributor to OCSF, and the YAML-based approach is way better than using JSON to define mapping rules...
Hi, when running `contentctl build --verbose`, I get this weird error: ``` C:\Users\user\.virtualenvs\something\Scripts\python.exe -m contentctl.contentctl build --verbose INFO: Common Information Model/CIM (uid: [1621]) is not listed in apps. contentctl test...
Hi, is there a way with the CLI or manually using Python to remove the "anomalous_usage_of_7zip.yml" file that is created in `templates/detections/endpoint` when we do `contentctl init`?
This link from the README is dead (404): 
I'm trying to get contentctl to download apps from Splunkbase, but there is no documentation as to how to do that, so I have to keep guessing, but I'm running...
Hi! I was looking into how to include lookups in a contentctl content pack. I finally found how to do it (you need to include two files, a YAML one...
Hello, I tried to convert a Sigma rule but got this weird error when calling `.to_dict()` on it. I feel like it should work? ```python from sigma.rule import SigmaRule sigma_rule...