Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sigma tactics organizer #4625

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

dan21san
Copy link
Contributor

Summary of the Pull Request

As discuss here #4624 this PR add in the tools folder a simple script to organize the Sigma rules into the Mitre ATT&CK framework.

Changelog

Example Log Event

Fixed Issues

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

@nasbench nasbench added the Maintenance Related to additions and update of the repository features label Dec 12, 2023
@phantinuss
Copy link
Collaborator

phantinuss commented Mar 15, 2024

I'd like to add the possibility to have multiple input folders for Sigma rules. The repo is structured so that we use multiple folders (rules, rules-emerging-threats, rules-threat-hunting). By default we shouldn't add all of these but the script should be able to handle multiple input directories.

Other than that it looks good to me so far. I would test it a bit locally first before merging, though. Haven't done that yet.

@dan21san
Copy link
Contributor Author

@phantinuss yes your suggestion is very interesting :)
For now, I have only considered the "main" folder rule, but I think it is easily fixable.

@nasbench nasbench added the Work In Progress Some changes are needed label Jun 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Maintenance Related to additions and update of the repository features Work In Progress Some changes are needed
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants