security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8041f77abdbd8c729fb4ec35ba86cab36d654abb
blue-team-tools/tools
T
History
Thomas Patzke 7141729ffc sigma/parser: Introduced new conditions 
* Any definition: 1 of them
* All definitions: all of them
* Any of selected definitions: 1 of def* (wildcard)
* All of selected definitions: all of def* (wildcard)
2018-03-06 23:13:42 +01:00
..
config
Added default index configs for usual ELK setups
2017-11-09 10:05:41 +01:00
sigma
sigma/parser: Introduced new conditions
2018-03-06 23:13:42 +01:00
merge_sigma
Finalizing PyPI release
2017-12-08 23:50:08 +01:00
README.md
Added PyPI README
2017-12-09 22:13:25 +01:00
requirements-devel.txt
Intermediate refactoring commit: moving code into package
2017-12-08 21:45:05 +01:00
requirements.txt
Intermediate refactoring commit: moving code into package
2017-12-08 21:45:05 +01:00
setup.cfg
Intermediate refactoring commit: moving code into package
2017-12-08 21:45:05 +01:00
setup.py
New PyPI release
2017-12-14 22:40:31 +01:00
sigmac
Skipping dotfiles
2017-12-14 22:39:51 +01:00

README.md

This package contains libraries for processing of Sigma rules and the following command line tools:

  • sigmac: converter between Sigma rules and SIEM queries:
    • Elasticsearch query strings
    • Kibana JSON with searches
    • Splunk SPL queries
    • Elasticsearch X-Pack Watcher
    • Logpoint queries
  • merge_sigma: Merge Sigma collections into simple Sigma rules.
Reference in New Issue View Git Blame Copy Permalink