SigmaHQ / sigma-cli

The Sigma command line interface based on pySigma

Fresh installation raise errors #20

Closed tr0mb1r closed 1 year ago

tr0mb1r commented 1 year ago
Successfully installed sigma-cli-0.7.2

% sigma

Traceback (most recent call last):
  File "/opt/homebrew/bin/sigma", line 5, in <module>
    from sigma.cli.main import main
  File "/opt/homebrew/lib/python3.9/site-packages/sigma/cli/main.py", line 3, in <module>
    from .list import list_group
  File "/opt/homebrew/lib/python3.9/site-packages/sigma/cli/list.py", line 6, in <module>
    plugins = InstalledSigmaPlugins.autodiscover()
  File "/opt/homebrew/lib/python3.9/site-packages/sigma/plugins.py", line 65, in autodiscover
    backends = cls._discover_module_directories(sigma.backends, "backends", include_backends)
  File "/opt/homebrew/lib/python3.9/site-packages/sigma/plugins.py", line 53, in _discover_module_directories
    imported_module = importlib.import_module(module.name)
  File "/opt/homebrew/Cellar/python@3.9/3.9.16/Frameworks/Python.framework/Versions/3.9/lib/python3.9/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "/opt/homebrew/lib/python3.9/site-packages/sigma/backends/insight_idr/__init__.py", line 1, in <module>
    from .insight_idr import InsightIDRBackend
  File "/opt/homebrew/lib/python3.9/site-packages/sigma/backends/insight_idr/insight_idr.py", line 12, in <module>
    class InsightIDRBackend(TextQueryBackend):
  File "/opt/homebrew/lib/python3.9/site-packages/sigma/backends/insight_idr/insight_idr.py", line 14, in InsightIDRBackend
    backend_processing_pipeline : ClassVar[ProcessingPipeline] = insight_idr_pipeline()
  File "/opt/homebrew/lib/python3.9/site-packages/sigma/pipelines/insight_idr/insight_idr.py", line 65, in insight_idr_pipeline
    ProcessingItem(
  File "<string>", line 14, in __init__
  File "/opt/homebrew/lib/python3.9/site-packages/sigma/processing/pipeline.py", line 125, in __post_init__
    raise SigmaTypeError(f"Detection item processing condition '{str(detection_item_condition)}' is not a DetectionItemProcessingCondition")
sigma.exceptions.SigmaTypeError: Detection item processing condition 'IncludeFieldCondition(fields=['CurrentDirectory', 'IntegrityLevel', 'imphash', 'Imphash', 'LogonId'], type='plain')' is not a DetectionItemProcessingCondition

thomaspatzke commented 1 year ago

This error is caused by a previous installation of an old version of Sigma CLI where the backends were bundled with the CLI instead of being installed as plugins, as has been done since 0.7.x. These backends were updated too, and partially (as with the InsightIDR backend) the old versions cause such errors because they aren't compatible. Please uninstall all pySigma-backend- and pySigma-pipeline- packages and reinstall with the sigma plugin subcommand.
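
One way to find the leftover packages named in the reply above, as an added example that is not part of the thread or of the sigma-cli code base: it lists every installed distribution whose name starts with pySigma-backend- or pySigma-pipeline- (compared the way pip compares names) and prints the matching pip uninstall command without running it. The function names are hypothetical; run it with the same interpreter that owns the `sigma` entry point (Python 3.9 in the traceback).

```python
import re
import sys
from importlib import metadata

# Prefixes named in the maintainer's reply, in PEP 503 normalized form.
PLUGIN_PREFIXES = ("pysigma-backend-", "pysigma-pipeline-")


def normalize(name):
    """PEP 503 normalization: pip ignores case and treats runs of '-', '_', '.' alike."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_plugin_packages(installed):
    """Return sorted (name, version) pairs whose name matches a plugin prefix.

    `installed` is an iterable of (name, version) pairs; entries with no
    name (broken metadata) are skipped.
    """
    hits = {}
    for name, version in installed:
        if name and normalize(name).startswith(PLUGIN_PREFIXES):
            hits[normalize(name)] = (name, version)
    return sorted(hits.values(), key=lambda nv: normalize(nv[0]))


def installed_distributions():
    """Yield (name, version) for every distribution visible to this interpreter."""
    for dist in metadata.distributions():
        yield dist.metadata["Name"], dist.version


def uninstall_command(packages):
    """Build the pip command that removes the given packages (not executed here)."""
    if not packages:
        return []
    return [sys.executable, "-m", "pip", "uninstall", "-y"] + [n for n, _ in packages]


if __name__ == "__main__":
    found = find_plugin_packages(installed_distributions())
    for name, version in found:
        print(f"{name}=={version}")
    cmd = uninstall_command(found)
    print(" ".join(cmd) if cmd else "no pySigma backend or pipeline packages found")
```

After removing the listed packages, reinstall the backends you need through the `sigma plugin` subcommand, as the reply says.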