-
**[ @mmguero](https://github.com/mmguero)** cloned issue [idaholab/Malcolm#162](https://github.com/idaholab/Malcolm/issues/162) on 2023-03-14:
> How could Malcolm integrate sigma?
>
>
>
> [Sigma]…
-
**Is your feature request related to a problem?**
I can't come up with a nice and easy way to build aggregated alerts within the security-analytics plugin. I am talking about alerts like `Multiple fai…
-
A full description of correlations is found here https://open.substack.com/pub/ecapuano/p/atomic-and-stateful-detection-rules
-
There appears to be a bug when trying to convert certain rules with multiple numeric values (`SigmaNumber` objects), as is seen in over two dozen Windows security rules. Example rules from SigmaHQ inc…
-
Support Temporal Proximity correlation
https://github.com/SigmaHQ/sigma-specification/blob/main/specification/sigma-correlation-rules-specification.md#temporal-proximity-temporal
Reference: http…
-
Hello,
Would it be possible to make wazuh integrate with sigma rules? The yaml logic of sigma rules and xml logic of wazuh rules are complex and there are currently no conversion tools.
These si…
-
Ok, so if I run the following with no pipelines:
```
sigma convert -t eql --without-pipeline sigma/rules/windows/powershell/powershell_module/posh_pm_get_clipboard.yml …
```
-
I'd like to import Sigma rules (ideally in bulk) so as to keep the internal repository up to date in a semi-automated fashion. Is there a way to do this?
-
**Indicate project**
Processor
**Overview**
We want to enable Sigma rules evaluation in the SysFlow Processor, using our policy engine architecture as the base framework.
**Tasks**
- [x] Ref…
-
https://uncoder.io/
https://github.com/SigmaHQ/sigma
https://github.com/bradleyjkemp/sigma-go
A few free sigma feeds.
While common in SIEM land, these are more raw threat detections.…