Sigma2SplunkAlert needs Sigma for converting the Sigma detection rules into Splunk searches. Sigma needs to be installed and part of the environment variables. Furthermore, Python >= 3.5, PyYAML and Jinja2 are needed. Sigma2SplunkAlert was tested with Splunk version 7.2.5. If you find some incompatibility with previous Splunk versions, open an issue and I will try to add the support as soon as possible.

In this chapter, we will clone the Github project and convert all the Sysmon rules of the Sigma repository. We will start by cloning the Sigma2SplunkAlert Github project:

```
git clone
```

Subsequently, we will have a look into the usage by using the following command:

```
cd Sigma2SplunkAlert
```

```
Usage: sigma2splunkalert

Convert Sigma rules to Splunk Alerts nf configuration.

  N                     folder or file containing the Sigma rules
  -h, --help            show this help message and exit
  --sigma-config SIGMA_CONFIG, -sc SIGMA_CONFIG
                        Sigma configuration with field name and index name mapping
```

First of all, we will keep the default sigma converter configuration splunk-all.yml under the folder sigma_config.
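To make the conversion step concrete, here is a minimal, standard-library-only illustration of what the pipeline described above does: a Sigma detection is mapped through a field-name and index mapping (the role of splunk-all.yml) into an SPL search, which is then wrapped in a savedsearches.conf stanza that Splunk reads as a scheduled alert. This is an added example, not the Sigma2SplunkAlert project's code: the Sigma rule and the mapping config are constructed in-line as dicts (standing in for the YAML files the real tool parses with PyYAML), only a flat `selection` with `condition: selection` is handled, and the stanza keys and the Sigma-level-to-severity mapping are my own choices rather than the project's template.

```python
"""Toy Sigma -> Splunk alert conversion (added example, not Sigma2SplunkAlert code).

Only the standard library is used so it runs offline. The real tool parses
Sigma YAML with PyYAML and renders a Jinja2 template; here the rule and the
converter config are constructed dicts and the stanza is built by hand.
"""

# Constructed Sigma rule, shaped like what yaml.safe_load returns for a Sysmon rule.
SAMPLE_RULE = {
    "title": "Suspicious Sysmon process creation (constructed)",
    "description": "Constructed rule used only to exercise the converter.",
    "level": "high",
    "logsource": {"product": "windows", "service": "sysmon"},
    "detection": {
        "selection": {
            "EventID": 1,
            "Image|endswith": "\\example.exe",
            "CommandLine|contains": "-encodedcommand",
        },
        "condition": "selection",
    },
}

# Constructed stand-in for a Sigma converter config such as splunk-all.yml:
# an index per logsource plus a mapping from Sigma field names to Splunk field names.
SAMPLE_CONFIG = {
    "index": {("windows", "sysmon"): "sysmon"},
    "fieldmappings": {"CommandLine": "process_command_line", "Image": "process_path"},
}

# Sigma levels mapped onto Splunk's numeric alert.severity scale (assumption: my own choice).
SEVERITY = {"low": 3, "medium": 4, "high": 5, "critical": 6}


def _escape(value):
    """Escape backslashes and quotes so the value survives inside an SPL string literal."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"')


def render_term(field_spec, value, fieldmappings):
    """Turn one Sigma selection entry (field, optional |modifier) into an SPL term."""
    field, _, modifier = field_spec.partition("|")
    field = fieldmappings.get(field, field)  # apply the field-name mapping, default to as-is
    v = _escape(value)
    if modifier == "contains":
        return f'{field}="*{v}*"'
    if modifier == "startswith":
        return f'{field}="{v}*"'
    if modifier == "endswith":
        return f'{field}="*{v}"'
    if modifier:
        raise ValueError(f"unsupported Sigma modifier: {modifier}")
    return f'{field}="{v}"'


def sigma_to_spl(rule, config):
    """Build the SPL search: index from the logsource mapping, AND of all selection terms."""
    detection = rule["detection"]
    if detection.get("condition") != "selection":
        raise ValueError("this example only handles 'condition: selection'")
    ls = rule["logsource"]
    index = config["index"].get((ls.get("product"), ls.get("service")), "*")
    terms = [render_term(k, v, config["fieldmappings"]) for k, v in detection["selection"].items()]
    return f"index={index} " + " ".join(terms)


def savedsearches_stanza(rule, config, cron="*/15 * * * *", earliest="-15m"):
    """Render one savedsearches.conf stanza: a scheduled search that alerts on any hit."""
    search = sigma_to_spl(rule, config)
    lines = [
        f"[{rule['title']}]",
        f"description = {rule.get('description', '')}",
        f"search = {search}",
        f"cron_schedule = {cron}",
        f"dispatch.earliest_time = {earliest}",
        "dispatch.latest_time = now",
        "enableSched = 1",
        "counttype = number of events",
        "relation = greater than",
        "quantity = 0",
        "alert.track = 1",
        f"alert.severity = {SEVERITY.get(rule.get('level', 'medium'), 4)}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(savedsearches_stanza(SAMPLE_RULE, SAMPLE_CONFIG))
```

Running the module prints a stanza you could paste into a Splunk app's savedsearches.conf; the point to take from it is that the field mapping is what makes a generic Sigma rule match the field names your Sysmon data actually carries, so a wrong or missing mapping yields a syntactically valid alert that silently never fires.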