-
I tried to run "sigma convert -t qradar -f extension -o rules-extension.zip ./tests/files/valid/sigma_rule.yml" but I received the following error:
Invalid value for format: Output format 'extensions' …
-
I'm getting my hands on correlations and am trying to support that in our PySigma Backend.
Given this rule taken from the official sigma-specification repo:
```yaml
title: Correlation - Multipl…
```
-
Hi,
I was playing around with the detection engine and it works well. However, it's not easy to use something like embed.FS to include the rules inside the Go binary. For example, in the following …
-
Curious if Marshaling back into YAML is in scope for `sigmalite`. I think the main gap would be being able to construct the Expressions without Parse() being involved, and then handling JSON/YAML Mars…
-
```
sigma convert --target 'splunk' --pipeline /home/jump/git/win_evt_pipeline.yml /home/jump/git/sigma/rules/windows/powershell/powershell_module/posh_pm_invoke_obfuscation_stdin.yml --skip-unsuppor…
```
-
Hi!
Are there any plans to implement plain [sigma](https://github.com/Neo23x0/sigma) support for log scanning?
Would be a great feature to have the ability to scan log files with plain sigma rul…
-
Hello!
Just reviewing the DNS exfiltration rule at - https://github.com/SigmaHQ/sigma/blob/master/rules/windows/powershell/powershell_script/posh_ps_invoke_dnsexfiltration.yml and was curious on th…
-
I want to use this plugin with sigma-cli for conversions of rules.
"sigma plugins install" needs >=0.10.x to install your plugin, but it fails the compatibility check and throws python errors if I ig…
-
Recently, some sigma rules are being uploaded without the `level` defined so they are `undefined` rules.
However, `--exclude-status` does not support disabling `undefined` rules so I would like to su…
-
Search-identifier's spec defined value types allowed in lists and maps, but it may need to be expanded.
# Sigma_specification.md
By current definition, **1.** a search-identifier can hold (1) a …