Shuffle / python-apps

Apps to be used for Shuffle automation. Most of Shuffle's apps (2500+) are generated from APIs, and available in the search engine below:
https://shuffler.io/search
MIT License

Create Sigma translator app #148

Open frikky opened 3 years ago

frikky commented 3 years ago

Create an app that can take a ruleset and translate it before running automation towards a SIEM, using Sigma: https://github.com/SigmaHQ/sigma

Example actions:

Example platform doing this: https://uncoder.io/
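A sketch of the translation step described above, added here as an example; it is not code from this issue, from Shuffle, or from the Sigma project. It is a simplified stand-in for a real Sigma backend: the sample rule, the `translate` function name and the generic `field="value"` output syntax are assumptions, and the rule is given as the dict a YAML parser would produce.

```python
import re

# Constructed sample rule (not from the issue), as it looks after YAML parsing.
RULE = {
    "title": "Encoded PowerShell command line",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\powershell.exe",
                      "CommandLine|contains": ["-enc", "-EncodedCommand"]},
        "filter": {"User": "SYSTEM"},
        "condition": "selection and not filter",
    },
}

# Where the wildcard goes for each supported Sigma value modifier.
WRAP = {"contains": "*{}*", "startswith": "{}*", "endswith": "*{}", None: "{}"}

def _quote(value):
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'

def _field(key, value):
    """Translate one 'field|modifier: value' entry; a list of values is OR-ed."""
    name, _, mod = key.partition("|")
    if (mod or None) not in WRAP:
        raise ValueError(f"unsupported modifier: {mod}")
    values = value if isinstance(value, list) else [value]
    terms = [f"{name}=" + _quote(WRAP[mod or None].format(v)) for v in values]
    return terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")"

def _selection(sel):
    """A map of fields is AND-ed; a list of maps is OR-ed."""
    if isinstance(sel, list):
        return "(" + " OR ".join(_selection(s) for s in sel) + ")"
    return "(" + " AND ".join(_field(k, v) for k, v in sel.items()) + ")"

def translate(rule):
    """Translate a Sigma detection into a generic field="value" query string."""
    detection = dict(rule["detection"])
    condition = detection.pop("condition")
    def token(match):
        word = match.group(0)
        if word.lower() in ("and", "or", "not"):
            return word.upper()
        if word not in detection:  # e.g. "1 of them": refuse, do not guess
            raise ValueError(f"condition references unknown selection: {word}")
        return _selection(detection[word])
    return re.sub(r"[A-Za-z_][A-Za-z0-9_]*", token, condition)

if __name__ == "__main__":
    print(translate(RULE))
```

Modifiers and condition forms outside this subset raise `ValueError`, so a workflow never sends a SIEM a query that silently means something different from the rule.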

satti-hari-krishna-reddy commented 1 year ago

Hi @frikky, I want to work on this issue. Can you please provide some guidance on the desired layout for the app?

frikky commented 1 year ago

> Hi @frikky, I want to work on this issue. Can you please provide some guidance on the desired layout for the app?

Hey!

This is a development issue for Shuffle itself, and not a frontend development issue. You can read more about what Apps in Shuffle are here: https://shuffler.io/docs/apps

Sigma is a SIEM query translator system, which is related to cybersecurity. If you want to take it upon yourself, then please! We need the help for sure :)

Exterminator11 commented 1 year ago

Hi @frikky, do you have an example of the rules other than the Sigma rules that should be translated? Thanks

frikky commented 1 year ago

> Hi @frikky, do you have an example of the rules other than the Sigma rules that should be translated? Thanks

Finding ways to use the following as Apps in Shuffle (this is not about translation, but about security & standardization):

Exterminator11 commented 1 year ago

> > Hi @frikky, do you have an example of the rules other than the Sigma rules that should be translated? Thanks
>
> Finding ways to use the following as Apps in Shuffle (this is not about translation, but about security & standardization):
>
>   • OSQuery
>   • Ansible
>   • Yara
>   • Volatility
>   • Snort
>   • Suricata

Alright thanks!!

satti-hari-krishna-reddy commented 1 year ago

Hey @frikky,

I have a question regarding the cybersecurity assignment. I've created a Shuffle Python app and a separate frontend app using ReactJS. The connection between them is established via an API. I wanted to confirm if this approach is acceptable, or does the cybersecurity assignment also require modifications inside the Shuffle codebase, the same as the frontend assignment?

frikky commented 1 year ago

> Hey @frikky,
>
> I have a question regarding the cybersecurity assignment. I've created a Shuffle Python app and a separate frontend app using ReactJS. The connection between them is established via an API. I wanted to confirm if this approach is acceptable, or does the cybersecurity assignment also require modifications inside the Shuffle codebase, the same as the frontend assignment?

Hey!

It's not supposed to have a frontend. This is a cybersecurity task focused on the app itself. The app should be used from within a workflow in Shuffle. How did you connect a separate frontend to it?

The idea of a translator system that you've made may come in handy tho. Please do submit it so we can see what you did either way (knowing frontend is a good thing ;))