Open ruppde opened 10 months ago
Definitely interested in this as the next integration
cool!
if you need examples, just search for some of the existing rules, e.g.: https://github.com/search?q=repo%3ASigmaHQ%2Fsigma%20teamviewer&type=code and https://github.com/search?q=repo%3ASigmaHQ%2Fsigma+anydesk&type=code
@ruppde check out the sigma branch. I'm not sold on converting the rule format to Sigma natively yet, but I'm going to try translating them in CI.
fyi, there's a similar project in the works: https://x.com/M_haggis/status/1825947732382712231
hi RMML people,
the perfect addition would be a converter script to Sigma (https://github.com/SigmaHQ/sigma), because then Sigma could create rules for Carbon Black and many more security tools like Splunk, QRadar, Azure, ... (see https://sigconverter.io/)
regards, arnim