go-sigma-rule-engine
go-sigma-rule-engine copied to clipboard
markuskont
Golang library that implements a sigma log rule parser and match engine.
Following rule is not parsed correctly. It becomes a `keyword` rule, rather than `selection`. Correct behavior would be to fail while parsing this rule, as selection object works on key-value...
Main readme needs to be updated. It's still the original one I wrote when we published a paper. But the project has seen some development since then. So it has...
I've spent some time thinking about Placeholders (https://github.com/SigmaHQ/sigma/wiki/Specification#placeholders) in Sigma recently and decided to draft up an approach to it for use in the engine. Normally, placeholders with Sigma would...
This is a research issue for major development. Initial research into this project went entirely into building individual rules themselves and making matching work. Ruleset as a whole was a...
Since the project reorganization was merged, we can now introduce `tests//` folder with sigma rules and testing logs, rather than having to entirely rely on embedded test cases already present....
While researching this topic, I read the official Sigma project python code a lot to figure out my own implementation. They apply some rule tree optimizations that I intentionally left...
See: https://github.com/markuskont/go-sigma-rule-engine/issues/6#issuecomment-1078766502 It seems to me that I made too many constructors. This can be confusing when trying to implement new features, as contributors might be unsure what is needed...
Hi, I was playing around with the detection engine and it works well. However, it's not easy to use something like embed.FS to include the rules inside the go binary....
With go 1.18 introducing generics, we should investigate if they could be used to clean up some type switches that were needed to deal with arbitrary types defined in Sigma...
Is it possible to get a section in the readme that details what kinds of things are supported by the detection/selection/condition fields? I.e. how much of the SIGMA specification is...
Metadata
Owner
Metadata
Golang library that implements a sigma log rule parser and match engine.