wagga40 / Zircolite

A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

Add filename of sigma rule to Mini-Gui #17

Closed frack113 closed 2 years ago

frack113 commented 2 years ago

add filename to find the rule more easily in Mini-Gui


wagga40 commented 2 years ago

Thanks! Filename is not always in the ruleset (the default rulesets don't have it); I've added a test. Is it ok for you?

frack113 commented 2 years ago

Yes. By the way, for the new powershell category you need to use `-c config/generic/powershell.yml` when generating the rule file. They are not part of sysmon.yml.

wagga40 commented 2 years ago

Yes you're right. Until now, Zircolite had its own config files (here) but they will slowly disappear with the deprecation of the rule generator (genRules).

Thanks a lot.