go-sigma-rule-engine

support for embed FS as rule directory

Open mosajjal opened this issue 2 years ago • 2 comments

Hi,

I was playing around with the detection engine and it works well. However, it's not easy to use something like embed.FS to include the rules inside the Go binary. For example, in the following code:

	RuleSet, err = sigma.NewRuleset(sigma.Config{
		Directory: []string{"./rules"},
	})

the Directory variable has to be a string and it's not an abstracted interface hence there's no way to easily include the rules directory inside the binary. Is this something you're keen to add? I can take a look at how it can be done and send a PR if interested :)

Cheers,

May 02 '22 21:05 mosajjal

Hey, I think it's a great idea. Most of the constructors were built before embed.FS existed, thus lack of support.

Just a heads up though, you can do experiments against https://github.com/markuskont/go-sigma-rule-engine/tree/next-0.3-reorg-2022-04

I will merge it soon, within the week I guess, and it reorganizes the entire project layout. So just to avoid rebase hassles later.

May 03 '22 05:05 markuskont

Linking https://github.com/markuskont/go-sigma-rule-engine/issues/8

May 03 '22 05:05 markuskont
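An added example, not code from this thread or from the project: one way to bridge an `fs.FS` (such as an `embed.FS`) to the path-based `Directory` field shown in the issue is to copy the rule files into a private temporary directory and pass that path to the constructor. The helper name `materializeRules`, the `.yml`/`.yaml` filter and the sample rule are assumptions; `fstest.MapFS` stands in for a real embedded tree so the block runs without any rule files on disk.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"testing/fstest"
)

// materializeRules (hypothetical helper) copies the rule files found in fsys into a
// fresh temp directory, keeping the tree layout. The caller removes the directory.
func materializeRules(fsys fs.FS) (string, error) {
	dir, err := os.MkdirTemp("", "sigma-rules-") // owner-only (0700) directory
	if err != nil {
		return "", err
	}
	err = fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, err error) error {
		// Propagate walk errors; skip directories and anything that is not a rule file.
		if err != nil || d.IsDir() || (filepath.Ext(p) != ".yml" && filepath.Ext(p) != ".yaml") {
			return err
		}
		data, err := fs.ReadFile(fsys, p)
		if err != nil {
			return err
		}
		dst := filepath.Join(dir, filepath.FromSlash(p))
		if err := os.MkdirAll(filepath.Dir(dst), 0o700); err != nil {
			return err
		}
		// 0600 so other local users cannot alter rules between extraction and load.
		return os.WriteFile(dst, data, 0o600)
	})
	if err != nil {
		os.RemoveAll(dir)
		return "", err
	}
	return dir, nil
}

func main() {
	// Constructed sample; a real program would pass its embed.FS variable here.
	rules := fstest.MapFS{"rules/proc.yml": {Data: []byte("title: constructed\n")}}
	dir, err := materializeRules(rules)
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	fmt.Println("rule directory:", dir) // e.g. sigma.Config{Directory: []string{dir}}
}
```

The extracted copy is only as trustworthy as the directory it lands in, so the temp directory should stay owner-only and be removed once the ruleset has been loaded.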