Feature idea: sigma export

[ruppde]

hi RMML people,

the perfect addition would be a converter script to sigma (https://github.com/SigmaHQ/sigma) because then sigma could create rules for carbon black and many more security tools like splunk, qradar, azure, ... see https://sigconverter.io/

regards arnim

[LivingInSyn]

Definitely interested in this as the next integration

[ruppde]

cool!

if you need examples, just search for some of the existing rules, e.g.: https://github.com/search?q=repo%3ASigmaHQ%2Fsigma%20teamviewer&type=code https://github.com/search?q=repo%3ASigmaHQ%2Fsigma+anydesk&type=code

[LivingInSyn]

@ruppde check out the sigma branch, I'm not sold on converting the rule format to sigma natively yet, but I'm going to try translating them in CI

[ruppde]

fyi, there's a similar project in the works: https://x.com/M_haggis/status/1825947732382712231