Closed n0rthl1ght closed 1 year ago
Thanks, can you provide the exact error and Sigma rule(s) that are generating the error and any other information around the error? Thanks.
Found the example!
Thanks for finding this, should be fixed now. Problem was regex was not being escaped properly on some rules.
The rule it failed on is also not having its logic converted correctly.
I will test the new version, when it's ready. I hope it'll be ok 👍
Tested again and have the same problem. Posted in the Wazuh Slack channel. Maybe they can help solve this.
Got the answer
Think this is fixed but there have been a lot of changes since this was reported.
Still working on converting more complex Sigma logic to Wazuh. Not sure if I'll ever get it working fully tbh.
Hey! It is awesome that someone is working on a converter of rules to Wazuh! I'll be an active tester :D
I have a problem with validating the converted XML with default settings in config.ini. I think the problem is in groups like antivirus, rpc_firewall, application and so on that are not in the Wazuh group rules lists.