Closed v1p3r0u5 closed 1 month ago
Welcome @v1p3r0u5 :wave:
It looks like this is your first issue on the Sigma rules repository!
The following repository accepts issues related to false positives
or 'rule ideas'.
If you're reporting an issue related to the pySigma library, please consider submitting it here
If you're reporting an issue related to the deprecated sigmac library, please consider submitting it here
Thanks for taking the time to open this issue, and welcome to the Sigma community! :smiley:
It looks like at the moment the installation of the elasticsearch backend plugin via sigma-cli is not working. Tried it with versions 1.0.3 and 1.0.4 of sigma-cli on macOS as well as on a Rocky Linux instance.
```
$ sigma version
1.0.4 (online pypi.org: 1.0.4)

$ sigma plugin install elasticsearch
Successfully installed plugin 'elasticsearch'
pySigma version is compatible with sigma-cli

$ sigma list formats elasticsearch
Usage: sigma list formats [OPTIONS] {lucene|eql|esql|splunk}
Try 'sigma list formats -h' for help.

Error: Invalid value for '{lucene|eql|esql|splunk}': 'elasticsearch' is not one of 'lucene', 'eql', 'esql', 'splunk'.
```
The same error also occurs when I try to do a conversion. Installing the splunk plugin was working like a charm.
Thanks for having a look at it.