-
![Screenshot 2024-05-03 at 08 12 10](https://github.com/Yamato-Security/hayabusa-rules/assets/71482215/c142ab26-d9d4-4e4f-ad46-00710719e3dc)
On the left is our converted rule and the right has the…
-
Currently sigma-go panics when given a rule that looks like this:
```yaml
detection:
  someCondition:
    foo: bar
  condition: nonExistentCondition
```
This panic happens here: https…
-
Create an app that can take a ruleset and translate it before running automation towards a SIEM, using Sigma: https://github.com/SigmaHQ/sigma
Example actions:
- Take input of a Sigma file OR rule…
-
### Rule UUID
f3a98ce4-6164-4dd4-867c-4d83de7eca51
### Example EventLog
I found this off virus total lol
### Description
Script Block is
```
ScriptBlockText|re: '\w+`(\w+|-|.)`[\w+|\s]'
```…
-
I have added a custom rule to helk-elastalert that tests blacklist hashes.
This rule has been tested against sample data using elastalert-test-rule and returns the sample hit as seen below in the fin…
-
**Is your feature request related to a problem? Please describe.**
Kestrel allows using the SIGMA engine as an analytic. But we may want to have a dedicated method of calling SIGMA since it is an import…
-
I am trying to compute the variance of a symbol but it raises a TypeError that I am not able to interpret. The expected value computes well and works as expected.
```python
import sys
import symp…
-
I'm working on writing some security specific queries. So far I've been able to get some wildcard queries working properly, such as:
```
# WORKS
# https://raw.githubusercontent.com/Neo23x0/sigma/…
-
### Description of the Idea of the Rule
I want to propose a rule enabling the detection of PowerShell without using the well-known `powershell.exe` but rather via `rundll32.exe` and various other m…
-
Create an analyzer to tag suspicious PowerShell activity to detect things such as a base64 payload, usage of a pen testing framework such as PowerShell empire, etc. The following presentation link giv…