Closed wikijm closed 1 week ago
Hi @wikijm
Thanks for this issue, and yes, you can open a PR with your fix, it's fine.
Just FYI, I already have some tuning to the sigma gen script that I'm gonna push to fix some other issues.
Hi @nasbench,
Wonderful, thanks a lot! Closing this ticket as #34 was created.
Have a nice Sunday.
Hi everyone!
According to the Sigma Rules Specification, the date format in Sigma rule files must follow the ISO 8601 standard, using the separator format (YYYY-MM-DD instead of YYYY/MM/DD).
I’ve made a change in the main...wikijm:LOLRMM:patch-1 branch, but I’m not entirely sure if I modified the correct part of the code. Additionally, I’m uncertain if this change might affect other mechanisms in your GitHub repository or on the lolrmm.io website.
The reason for this change is that when I try to transform, with that repo, your Sigma rules to SentinelOne Power Query using sigma-cli through GitHub Actions, I encounter the following error message: “Error occurred while processing […]_sigma.yml: Rule date ‘YYYY/MM/DD’ is invalid, must be yyyy-mm-dd”:
If this request makes sense, I can create a pull request accordingly.
Thank you for this project; I’m happy to use it for Threat Hunting! 😃
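A pre-conversion check for the date problem reported in this issue, as an added example that is not the LOLRMM generator script or the change made in #34: it rewrites top-level date values from YYYY/MM/DD to YYYY-MM-DD and reports values that are not real dates. The function name and the sample rule are constructed for illustration, and covering the `modified` field as well as `date` is an assumption.

```python
import re
from datetime import date

# Top-level Sigma date fields. Covering `modified` as well as `date` is an assumption.
ANY_DATE_FIELD = re.compile(r"^(date|modified):")
FIELD = re.compile(r"^(date|modified):\s*['\"]?(\d{4})([-/])(\d{1,2})\3(\d{1,2})['\"]?\s*$")


def normalize_rule_dates(text):
    """Return (fixed_text, changed, invalid) for one rule's YAML text."""
    out, changed, invalid = [], [], []
    for no, line in enumerate(text.splitlines(), start=1):
        if ANY_DATE_FIELD.match(line):
            m = FIELD.match(line)
            try:
                if not m:
                    raise ValueError("unrecognised date layout")
                # date() rejects impossible values such as month 13.
                iso = date(int(m[2]), int(m[4]), int(m[5])).isoformat()
            except ValueError:
                invalid.append((no, line))
            else:
                fixed = f"{m[1]}: {iso}"
                if fixed != line:
                    changed.append((no, line, fixed))
                line = fixed
        out.append(line)
    return "\n".join(out) + "\n", changed, invalid


# Constructed sample rule, not taken from the LOLRMM repository.
SAMPLE_RULE = """\
title: Constructed Example RMM Rule
status: experimental
date: 2024/08/07
modified: 2024-09-15
logsource:
    product: windows
    category: process_creation
detection:
    selection:
        Image|endswith: 'example-rmm.exe'
    condition: selection
"""

if __name__ == "__main__":
    fixed_text, changed, invalid = normalize_rule_dates(SAMPLE_RULE)
    for no, old, new in changed:
        print(f"line {no}: {old!r} -> {new!r}")
    print(f"{len(invalid)} invalid date line(s)")
```

Lines returned in `invalid` are left untouched in the output, so a CI step can fail on them before the rules are handed to sigma-cli.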