pySigma-backend-loki
pySigma backend for generating Grafana Loki/LogQL rules
Today, the only way to modify the Loki log stream selector (i.e., `{app="grafana"}`) when converting a Sigma rule is by either setting the custom attribute `logsource_loki_selection` to the selector you...
Loki has [added support](https://github.com/grafana/loki/pull/8962) for an `or` operator to combine equality line filters, which would remove the need to convert them into regular expressions. I.e., previously to require a line...
The [latest release](https://github.com/SigmaHQ/pySigma/releases/tag/v0.11.0) of pySigma includes a feature known as [Sigma Correlations](https://github.com/SigmaHQ/pySigma/commit/a848c56bae9f9cedb703397b220700d5696a3b36) (documented in the [next version](https://github.com/SigmaHQ/sigma-specification/blob/version_2/appendix_meta_rules.md) of the Sigma specification), which allows Sigma rules to look at a larger...
I ran interrogate on the repository and it reported 23.7% coverage of docstring, which is low. ```bash $ poetry add interrogate $ poetry run interrogate -v ========================= Coverage for /pySigma-backend-loki/...
Due to the way negation works differently in Loki when compared with many other query languages (i.e., it lacks a NOT operator, only supporting individually negated conditions), a large number...
When a query contains multiple OR'd regular expressions, each testing the same field for similar strings (i.e., `(fieldA=~"abc" OR fieldA=~"abd" OR fieldA=~"abe")`), we could generate a shorter/easier to read (and...
I think these comments belong to the docstring. You can have a `Notes:` title in the docstring and add these comments there. Currently there are two (or possibly more) conventions:...
Given the following Sigma rule, the Loki backend raises an exception. The problem is on the `|gte` modifier, which we didn't have a proper test for either. Note that removing...
Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.0. Release notes Sourced from requests's releases. v2.32.0 2.32.0 (2024-05-20) 🐍 PYCON US 2024 EDITION 🐍 Security Fixed an issue where setting verify=False on the...