[FR] Add Sigma Support for Product Cortex XDR - Githubissues

redcanaryco / surveyor

A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.

MIT License

173 stars 61 forks source link

[FR] Add Sigma Support for Product Cortex XDR #130

Closed rc-csmith closed 1 year ago

rc-csmith commented 1 year ago

Which category is the feature part of?

[ ] Definition File
[x] Code/Logic Feature
[ ] Other (please explain)

Which product is the feature part of?

[ ] All Products
[ ] Carbon Black Response
[ ] Carbon Black Threat Hunter
[ ] Defender for Endpoints
[ ] SentinelOne
[x] Cortex
[ ] Other

Use Cases

Sigma rule support covers all EDRs except Cortex XDR

Proposal

Add support for Cortex XDR since it is now available in the pySigma plugin directory: https://github.com/SigmaHQ/pySigma-plugin-directory/blob/main/pySigma-plugins-v1.json

Additional Context

N/A