[BUG] Sigma Translation Errors Silently - Githubissues

redcanaryco / surveyor

A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.

MIT License

169 stars 59 forks source link

[BUG] Sigma Translation Errors Silently #119

Closed rc-csmith closed 1 year ago

rc-csmith commented 1 year ago

Describe the bug

If a sigma rule/directory is unable to be translated, the process fails silently and doesn't log any errors

What side of Surveyor is impacted?

[ ] Definition File
[X] Code/Logic
[ ] Other (please explain)

What product is impacted?

[X] All Products
[ ] Carbon Black Response
[ ] Carbon Black Threat Hunter
[ ] Defender for Endpoints
[ ] SentinelOne
[ ] Cortex
[ ] Other

Steps to reproduce

What did you do?

What is the command line you're running that is causing the error?

python surveyor.py --sigmarule /path/to/unsupported/sigma/rule.yml

Expected behavior

It should provide errors when the translation fails

Screenshots

N/A

Additional context

N/A

rc-csmith commented 1 year ago

After testin, this bug is a false alarm - could not replicate issue as error do get generated if a translation fails.