New PySigma Backend for Pandas DataFrame #280
Closed
blue-playground
started this conversation in
Ideas
Replies: 1 comment
Hey man, sorry I missed the tag. The process for getting the backend into sigma-cli is described here: https://github.com/SigmaHQ/cookiecutter-pySigma-backend?tab=readme-ov-file#publishing-a-backend You can give it a read, as it is straightforward. Basically it boils down to you publishing your package on PyPI and then making a request to https://github.com/SigmaHQ/pySigma-plugin-directory I would also suggest enhancing the README, maybe adding badges so that users know the status of the development. Hope this helps.
When we are collecting logs in a SIEM during an investigation, it may be interesting to run publicly available Sigma rules. To achieve this, we can collect relevant logs in a pandas DataFrame and execute the Sigma queries using the df.query() function on those logs. This was also required in the threat hunting scenarios I was running from Jupyter notebooks.
I have created a backend to convert the Sigma rules to a df query. It is hosted here.
If I want to use the second alternative of publishing this backend with PySigma, how can I proceed about the same?
@nasbench @thomaspatzke
(Adding you guys specifically, because I do not know how notifications work 🙈 )
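To make the idea in the post concrete, here is an added, self-contained illustration of what such a backend has to do: turn a Sigma detection into a string that pandas' df.query() accepts, then run it over rows collected from a SIEM. This is example code written for this page, not blue-playground's backend and not the pySigma API (a real backend would subclass pySigma's TextQueryBackend and receive an already-parsed rule). It assumes the detection arrives as plain Python dicts in Sigma's YAML shape, supports only the equality, contains, startswith and endswith modifiers, treats string matches case-insensitively as Sigma does, and treats pandas as optional: sigma_to_query() needs nothing beyond the standard library, while run_query() imports pandas only when called. The detection and the log rows below are constructed for the example.

```python
"""Sigma detection -> pandas DataFrame.query() expression (illustrative, not pySigma)."""
from __future__ import annotations

import re
from typing import Any

_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def _field(name: str) -> str:
    """Backtick-quote field names pandas cannot parse as identifiers (e.g. 'Event ID')."""
    return name if _IDENT.match(name) else f"`{name}`"


def _atom(field: str, modifier: str | None, value: Any) -> str:
    """One field/value comparison. Strings compare case-insensitively, like Sigma.
    na=False makes missing values count as non-matches instead of breaking the mask."""
    f = _field(field)
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return f"{f} == {value!r}"
    v = repr(str(value).lower())  # repr() yields a Python literal pandas' parser accepts
    if modifier is None:
        return f"{f}.str.lower() == {v}"
    if modifier == "contains":
        return f"{f}.str.contains({v}, case=False, regex=False, na=False)"
    if modifier in ("startswith", "endswith"):
        return f"{f}.str.lower().str.{modifier}({v}, na=False)"
    raise ValueError(f"unsupported modifier: {modifier}")


def _selection(sel: dict | list) -> str:
    """A map is an AND of its fields; a list of values (or of maps) is an OR."""
    if isinstance(sel, list):
        return "(" + " or ".join(_selection(m) for m in sel) + ")"
    parts = []
    for key, value in sel.items():
        field, _, modifier = key.partition("|")
        values = value if isinstance(value, list) else [value]
        parts.append("(" + " or ".join(_atom(field, modifier or None, v) for v in values) + ")")
    return "(" + " and ".join(parts) + ")"


def sigma_to_query(detection: dict) -> str:
    """Expand each named selection in the condition; and/or/not are kept as-is
    because df.query() understands the same keywords."""
    condition = detection["condition"]
    out = []
    for tok in condition.replace("(", " ( ").replace(")", " ) ").split():
        if tok in ("and", "or", "not", "(", ")"):
            out.append(tok)
        elif tok in detection:
            out.append(_selection(detection[tok]))
        else:
            raise ValueError(f"unsupported condition token: {tok}")
    return " ".join(out)


def run_query(rows: list[dict], query: str) -> list[dict]:
    """Evaluate the query with pandas. engine='python' is required for .str methods."""
    import pandas as pd  # optional dependency, imported only here

    df = pd.DataFrame(rows)
    return df.query(query, engine="python").to_dict("records")


# Constructed detection in Sigma's layout: encoded PowerShell not launched from Explorer.
DETECTION = {
    "selection": {
        "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
        "CommandLine|contains": "-enc",
    },
    "filter": {"ParentImage|endswith": "\\explorer.exe"},
    "condition": "selection and not filter",
}

# Constructed process-creation rows as a SIEM export might look.
SAMPLE_ROWS = [
    {"ProcessId": 101, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -enc SQBFAFgA", "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"ProcessId": 102, "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh.exe -enc SQBFAFgA", "ParentImage": "C:\\Windows\\explorer.exe"},
    {"ProcessId": 103, "Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe"},
    {"ProcessId": 104, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShell.EXE",
     "CommandLine": None, "ParentImage": None},  # missing fields exercise na=False
]


def matching_process_ids(rows: list[dict], detection: dict) -> list[int]:
    """Convert, run, and return the ProcessId of every row the rule fires on."""
    return [r["ProcessId"] for r in run_query(rows, sigma_to_query(detection))]


if __name__ == "__main__":
    print(sigma_to_query(DETECTION))
    print(matching_process_ids(SAMPLE_ROWS, DETECTION))  # only 101 survives the filter
```

Two choices worth noting for anyone building this for real: generating values with repr() and field names with backticks keeps the query string safe against rule content that contains quotes, backslashes or spaces, and passing na=False everywhere avoids the "cannot mask with NaN" failure that otherwise appears as soon as one exported row lacks a field. Rows 102 and 103 are excluded by the filter and the selection respectively, and row 104 shows that a row with missing CommandLine and ParentImage is simply not a match.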