When trying to use a sigma rule with the SentinelOne product, it throws an error that the SentinelOne pysigma backend cannot be found
What side of Surveyor is impacted?
[ ] Definition File
[X] Code/Logic
[ ] Other (please explain)
What product is impacted?
[ ] All Products
[ ] Carbon Black Response
[ ] Carbon Black Threat Hunter
[ ] Defender for Endpoints
[X] SentinelOne
[ ] Cortex
[ ] Other
Steps to reproduce
What did you do?
What is the command line you're running that is causing the error?
python surveyor.py --sigmarule ~/Downloads/test_rule.yml s1 --creds ./cred_file.ini
Error:
Traceback (most recent call last):
File "/Users/REDACTED/surveyor/surveyor.py", line 431, in survey
translated_rules = sigma_translation(product_str, sigma_rules)
File "/Users/REDACTED/surveyor/common.py", line 162, in sigma_translation
from sigma.backends.sentinel_one import SentinelOneBackend # type: ignore
ModuleNotFoundError: No module named 'sigma.backends.sentinel_one'
Expected behavior
Surveyor should be able to translate the sigma rule file and execute it
Screenshots
N/A
Additional context
N/A
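Added pre-flight check (illustration only, not Surveyor's own code): the traceback above ends in a bare ModuleNotFoundError for `sigma.backends.sentinel_one`, which does not tell the reporter whether pySigma is missing from the interpreter entirely, whether only the SentinelOne backend is missing, or whether the backend is installed under a different dotted path than the one `common.py` imports. The snippet below probes candidate module paths with `importlib.util.find_spec` and reports which of those three situations applies. The product key `s1`, the alternative spelling `sigma.backends.sentinelone` and the package name in the install hint are assumptions, not facts confirmed by this issue.

```python
"""Pre-flight check for pySigma backend availability before rule translation.

Added example for the issue above; not part of Surveyor. The candidate module
paths and the install hint are assumptions made for illustration.
"""
import importlib.util
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class BackendCheck:
    product: str
    found: Optional[str]                      # module path that resolved, if any
    missing: List[str] = field(default_factory=list)
    parent_missing: bool = False              # a parent package in the dotted path is absent


def module_available(name: str) -> Optional[bool]:
    """Resolve a dotted module path without importing the module itself.

    Returns True if it resolves, False if its parent package exists but the
    submodule does not, and None if a parent package (e.g. 'sigma') is itself
    not installed. find_spec imports parent packages and raises
    ModuleNotFoundError when one is missing, so that case is caught here.
    """
    try:
        return importlib.util.find_spec(name) is not None
    except ModuleNotFoundError:
        return None


def check_backend(product: str, candidates: List[str]) -> BackendCheck:
    """Probe each candidate path in order; stop at the first one that resolves.

    Distinguishes 'pySigma not installed in this interpreter' from 'installed,
    but under a different dotted path than the caller expected'.
    """
    result = BackendCheck(product=product, found=None)
    for name in candidates:
        status = module_available(name)
        if status:
            result.found = name
            break
        result.missing.append(name)
        if status is None:
            result.parent_missing = True
    return result


def explain(check: BackendCheck, install_hint: str) -> str:
    """Turn the probe result into an actionable message for the operator."""
    if check.found and not check.missing:
        return f"{check.product}: backend {check.found} is importable"
    if check.found:
        return (f"{check.product}: backend is installed as {check.found}, but "
                f"{', '.join(check.missing)} does not resolve; the import path in "
                f"the caller is wrong, not the installation")
    if check.parent_missing:
        return (f"{check.product}: no pySigma installation found in this "
                f"interpreter; {install_hint}")
    return (f"{check.product}: pySigma is present but none of "
            f"{', '.join(check.missing)} resolves; {install_hint}")


if __name__ == "__main__":
    # Assumed candidates: the path from the traceback plus one alternative spelling.
    S1_CANDIDATES = ["sigma.backends.sentinel_one", "sigma.backends.sentinelone"]
    # Assumed package name; check the backend's own documentation before relying on it.
    S1_HINT = ("install the SentinelOne pySigma backend into the same environment "
               "that runs surveyor.py (assumed package: pySigma-backend-sentinelone)")
    print(explain(check_backend("s1", S1_CANDIDATES), S1_HINT))
```

Run it with the same interpreter that runs `surveyor.py`; a backend installed into a different virtualenv than the one executing the command produces exactly the traceback shown in this issue.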