Detection Rules Optimisation Integration Deployment

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for certeu from gravatar.com certeu

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: "EUPL-1.2"
  • Author: cert-eu/mlc
  • Requires: Python >=3.11.8
Report project as malware

Project description

droid

droid is a PySigma wrapper allowing an easy adoption of Sigma and helps enabling Detection-As-Code. The ultimate goal of droid is to consume a repository Sigma rules and deploy them on one or multiple platform (SIEM/EDR). The tool also supports plain SIEM/EDR search queries.

droid workflow

🚀 Features

Key features are:

  1. Validate the syntax of Sigma rules
  2. Convert them by applying a set of transforms per log source and platform
  3. Search in logs and report on findings
  4. Test the rules by leveraging Atomic Red Team™ (work in progress)
  5. Deploy them with any compatible SIEM and EDR (.e.g. Splunk, Microsoft Sentinel)

🚂 Get started

To get started with the tool, visit the documentation page and configure droid for your environment.

Note: Python version 3.11.8+ is required

📚 Resources

License

Licensed under the EUPL.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for certeu from gravatar.com certeu

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: "EUPL-1.2"
  • Author: cert-eu/mlc
  • Requires: Python >=3.11.8

Release history Release notifications | RSS feed

This version

0.3.1

0.3.0

0.2.21

0.2.20

0.2.19

0.2.18

0.2.17

0.2.16

0.2.15

0.2.14

0.2.13

0.2.12

0.2.11

0.2.10

0.2.9

0.2.8

0.2.7

0.2.6

0.2.5

0.2.4

0.2.3

0.2.2

0.2.1

0.2.0

0.1.5

0.1.4

0.1.3

0.1.2

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

detect_droid-0.3.1.tar.gz (51.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

detect_droid-0.3.1-py3-none-any.whl (64.2 kB view details)

Uploaded Python 3

File details

Details for the file detect_droid-0.3.1.tar.gz.

File metadata

  • Download URL: detect_droid-0.3.1.tar.gz
  • Upload date:
  • Size: 51.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for detect_droid-0.3.1.tar.gz
Algorithm Hash digest
SHA256 98bc99d66b9f4b9b63227c5970a3d95d8e0b520dbe3fbf0a8e60a5728944e2f3
MD5 06444981550c94cbbcf46d9fb1228e60
BLAKE2b-256 46a7736a140c8cc62e9e6c78c6502d7508ff9d87e1aa9ba76bd3f8c8272c4892

See more details on using hashes here.

File details

Details for the file detect_droid-0.3.1-py3-none-any.whl.

File metadata

  • Download URL: detect_droid-0.3.1-py3-none-any.whl
  • Upload date:
  • Size: 64.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for detect_droid-0.3.1-py3-none-any.whl
Algorithm Hash digest
SHA256 833df8fca35857e5e0fa792315c57cdd731717afd661e3c92587100797bcc6b4
MD5 8ea2198e6477a9083010a6426353304d
BLAKE2b-256 fc17623aacc0a6e84c38988663795cd6c850f089d6fef96ac7f69c7f9651c1d7

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page