SigmaHQ/tools
neu5ron cbe5af01a1 on behalf of @socprime [SOC Prime Inc.](https://my.socprime.com/en/tdm/)
add a total of 5 sigmac's (sigma configs) for 3 different backends. full git message to follow in PR.
2020-05-02 07:23:11 -04:00
config on behalf of @socprime [SOC Prime Inc.](https://my.socprime.com/en/tdm/) 2020-05-02 07:23:11 -04:00
sigma Fixed: escaping of backslashes before added * 2020-05-02 00:13:15 +02:00
tests add .keyword on aggs; add extra unit test 2019-11-14 14:34:50 +01:00
merge_sigma Fixes for parser split 2018-07-27 00:02:07 +02:00
README.md Sigma tools release 0.11 2019-05-30 22:56:38 +02:00
requirements-devel.txt Dependency cleanup 2020-03-29 22:55:09 +02:00
requirements.txt fix: security vulnerability with pyyaml < 4.2b1 2020-04-02 12:27:53 +02:00
setup.cfg Intermediate refactoring commit: moving code into package 2017-12-08 21:45:05 +01:00
setup.py Release 0.16.0 2020-02-25 22:19:52 +01:00
sigma2attack Add sigma2attack 2019-12-19 00:00:13 +01:00
sigma2genericsigma Added sigma-uuid tool 2019-11-11 23:35:16 +01:00
sigma2misp Update sigma2misp 2020-02-20 18:55:10 +09:00
sigma-similarity sigma-similarity: primary rule set for restriction of comparison 2019-11-08 21:15:13 +01:00
sigma-uuid Added hint on failed UUID check 2019-11-12 23:37:28 +01:00
sigmac Reverted list sorting 2020-04-08 23:23:44 +02:00

This package contains libraries for processing Sigma rules and the following command line tools:

  • sigmac: converts Sigma rules into SIEM queries for the following targets:
    • Elasticsearch query strings
    • Kibana JSON with searches
    • Splunk SPL queries
    • Elasticsearch X-Pack Watcher
    • Logpoint queries
  • merge_sigma: Merge Sigma collections into simple Sigma rules.
  • sigma2misp: Import Sigma rules to MISP events.