Create Sigma translator app

Shuffle / python-apps

Apps to be used for Shuffle automation. Most of Shuffle's apps (2500+) are generated from APIs, and available in the search engine below:

https://shuffler.io/search

MIT License

99 stars 104 forks source link

Create Sigma translator app #148

Open frikky opened 3 years ago

frikky commented 3 years ago

Create an app that can take a ruleset and translate it before running automation towards a SIEM, using Sigma: https://github.com/SigmaHQ/sigma

Example actions:

Take input of a Sigma file OR rule, and translate it into any SIEM search query.

Example platform doing this: https://uncoder.io/

satti-hari-krishna-reddy commented 10 months ago

hi @frikky i want to work on this issue, Can you please provide some guidance on the desired layout for the app?

frikky commented 10 months ago

hi @frikky i want to work on this issue, Can you please provide some guidance on the desired layout for the app?

Hey!

This is a development issue for Shuffle itself, and not a frontend development issue. You can read more about what Apps in Shuffle are here: https://shuffler.io/docs/apps

Sigma is a SIEM query translator system, which is related to cybersecurity. If you want to take it upon yourself, then please! We need the help for sure :)

Exterminator11 commented 10 months ago

hi @frikky, do you have an example of the rules other than the sigma rules that should be translated? Thanks

frikky commented 10 months ago

hi @frikky, do you have an example of the rules other than the sigma rules that should be translated? Thanks

Finding ways to use the following as Apps in Shuffle (this is not about translation, but about security &standardization):

OSQuery
Ansible
Yara
Volatility
Snort
Surricata

Exterminator11 commented 10 months ago

hi @frikky, do you have an example of the rules other than the sigma rules that should be translated? Thanks

Finding ways to use the following as Apps in Shuffle (this is not about translation, but about security &standardization):

OSQuery

Ansible

Yara

Volatility

Snort

Surricata

Alright thanks!!

satti-hari-krishna-reddy commented 10 months ago

Hey @frikky,

I have a question regarding the cybersecurity assignment. I've created a Shuffle Python app and a separate frontend app using ReactJS. The connection between them is established via an API. I wanted to confirm if this approach is acceptable, or does the cybersecurity assignment also require modifications inside the Shuffle codebase same like frontend assignment ?

frikky commented 10 months ago

Hey @frikky,

I have a question regarding the cybersecurity assignment. I've created a Shuffle Python app and a separate frontend app using ReactJS. The connection between them is established via an API. I wanted to confirm if this approach is acceptable, or does the cybersecurity assignment also require modifications inside the Shuffle codebase same like frontend assignment ?

Hey!

It's not supposed to have a frontend. This is a cybersecurity task focused on the app itself. The app should be used from within a workflow in Shuffle. How did you connect a separate frontend to it?

The idea of a translator system that you've made may come in handy tho. Please do submit it so we can see what you did either way (knowing frontend is a good thing ;))