New PySigma Backend for Pandas DataFrame #280
Closed
blue-playground
started this conversation in
Ideas
Replies: 1 comment
Hey man, sorry I missed the tag. The process for getting the backend into sigma-cli is described here: https://github.com/SigmaHQ/cookiecutter-pySigma-backend?tab=readme-ov-file#publishing-a-backend. You can give it a read, as it is straightforward. Basically it boils down to you publishing your package on PyPI and then making a request to https://github.com/SigmaHQ/pySigma-plugin-directory. I would suggest maybe enhancing the README too, maybe adding badges so that users know the status of the dev. Hope this helps.
When we are collecting logs in a SIEM during an investigation, it may be interesting to run publicly available SIGMAs. To achieve this, we can collect relevant logs in a pandas DF and execute the Sigma queries using the `df.query()` function on those logs. This was also required in the threat hunting scenarios I was running from Jupyter notebooks.
I have created a backend to convert the Sigma rules to a df query. It is hosted here.
If I want to use the second alternative of publishing this backend with PySigma, how can I proceed about the same?
@nasbench @thomaspatzke
(Adding you guys specifically, because I do not know how notifications work 🙈 )
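The idea in the post above, a Sigma detection block rendered as a `df.query()` expression and evaluated over a DataFrame of log rows, as an added example. This is a small sketch written for this page; it is neither the backend the poster hosts nor pySigma's own code. It covers only plain values, lists of values, the contains/startswith/endswith/all modifiers and a condition built from named selections joined with and/or/not; the rule, the process-creation rows and their column names are constructed for the illustration.

```python
"""Sigma detection -> pandas df.query() string, as an added illustration.

Not the backend hosted by the poster, and not pySigma itself: a minimal
translator covering only plain values, lists of values, the contains /
startswith / endswith / all modifiers, and conditions made of named
selections joined with and / or / not. Wildcards, regex modifiers and
"1 of them"-style conditions are not handled.
"""
from typing import Any

_STR_OPS = ("contains", "startswith", "endswith")
_COND_WORDS = {"and": "&", "or": "|", "not": "~"}


def _literal(value: Any) -> str:
    # Render a value as a Python literal that df.query() will parse back;
    # strings are lower-cased to mimic Sigma's case-insensitive matching.
    return repr(value.lower()) if isinstance(value, str) else repr(value)


def _field_expr(spec: str, value: Any) -> str:
    # 'Image|endswith', '\\x.exe' -> "`Image`.str.lower().str.endswith('\\\\x.exe', na=False)"
    field, *mods = spec.split("|")
    col = f"`{field}`"                       # backticks allow odd column names
    op = next((m for m in mods if m in _STR_OPS), None)
    if op is None:                           # exact match
        if isinstance(value, str):
            return f"{col}.str.lower() == {_literal(value)}"
        return f"{col} == {_literal(value)}"
    extra = ", regex=False" if op == "contains" else ""
    return f"{col}.str.lower().str.{op}({_literal(value)}{extra}, na=False)"


def _selection_expr(sel: dict[str, Any]) -> str:
    # Keys of one selection map are ANDed; a list of values for a key is
    # ORed, or ANDed when the '|all' modifier is present.
    parts = []
    for spec, value in sel.items():
        values = value if isinstance(value, list) else [value]
        joiner = " & " if "|all" in spec else " | "
        spec = spec.replace("|all", "")
        parts.append("(" + joiner.join(_field_expr(spec, v) for v in values) + ")")
    return " & ".join(parts)


def build_query(detection: dict[str, Any]) -> str:
    """Translate a Sigma 'detection' block into a df.query() expression."""
    out = []
    cond = detection["condition"].replace("(", " ( ").replace(")", " ) ")
    for tok in cond.split():
        if tok in _COND_WORDS:
            out.append(_COND_WORDS[tok])
        elif tok in ("(", ")"):
            out.append(tok)
        else:                                # a named selection
            sel = detection[tok]
            if isinstance(sel, list):        # list of maps = OR of the maps
                expr = " | ".join(f"({_selection_expr(m)})" for m in sel)
            else:
                expr = _selection_expr(sel)
            out.append(f"({expr})")
    return " ".join(out)


def match_rule(rows: list[dict[str, Any]], detection: dict[str, Any]) -> list[dict[str, Any]]:
    """Evaluate the rule over log rows (list of dicts); return the matching rows."""
    import pandas as pd  # imported here so build_query() works without pandas
    df = pd.DataFrame(rows)
    # engine="python": the .str accessor calls are not something numexpr evaluates
    return df.query(build_query(detection), engine="python").to_dict("records")


# Constructed sample rule (Sigma-style detection block) and process-creation rows.
RULE = {
    "selection": {
        "Image|endswith": "\\powershell.exe",
        "CommandLine|contains": ["-EncodedCommand", " -enc "],
    },
    "filter": {"User": "NT AUTHORITY\\SYSTEM"},
    "condition": "selection and not filter",
}
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_ROWS = [
    {"ProcessId": 1001, "User": "CORP\\alice", "Image": PS,
     "CommandLine": "powershell.exe -EncodedCommand SQBFAFgA"},
    {"ProcessId": 1002, "User": "NT AUTHORITY\\SYSTEM", "Image": PS,
     "CommandLine": "powershell.exe -enc QQBB"},          # excluded by filter
    {"ProcessId": 1003, "User": "CORP\\bob", "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"ProcessId": 1004, "User": "CORP\\bob", "Image": PS,
     "CommandLine": "powershell.exe -File script.ps1"},
]

if __name__ == "__main__":
    print(build_query(RULE))
    for hit in match_rule(SAMPLE_ROWS, RULE):
        print(hit["ProcessId"], hit["CommandLine"])
```

Two choices worth noting: both the column and the literal are lower-cased so that the pandas match follows Sigma's case-insensitive default, and `engine="python"` is passed because the `.str` accessor calls in the generated expression are evaluated by pandas' own evaluator rather than numexpr. Only the 1001 row survives the constructed rule: 1002 is removed by the filter, 1003 is not powershell, and 1004 carries neither command-line marker.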