This gets the vast majority of SIGMA rules; there will need to be a code cleanup and fine-tuning. However, for an initial version this is pretty close. You use this JSON body with the LogRhythm SIEM search API; once you search, you will get a hash code value that you use with the search results. The next step is getting the Web Console to have a place to enter this in by default.