Sigma rule processing and conversion tools

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for nas_bench from gravatar.com nas_bench Avatar for thomaspatzke from gravatar.com thomaspatzke

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: OSI Approved, GNU Lesser General Public License v2 (LGPLv2) (LGPL-2.1-only)

Author: Thomas Patzke

Requires: Python >=3.8, <4.0

Classifiers

Project description

pySigma

Tests Coverage Badge Status

pySigma is a python library that parses and converts Sigma rules into queries.

It replaces a lot of the logic found in the sigmac tool, and brings it into a modern Python library. For a CLI version of the new Sigma tool, see (TBA).

Getting Started

To start using pySigma, install it using your python package manager of choice. Documentation with some usage examples can be found here.

Poetry:

poetry add git+https://github.com/SigmaHQ/pySigma.git#main

Pipenv:

pipenv install git+https://github.com/SigmaHQ/pySigma.git#egg=pysigma

Features

pySigma brings a number of additional features over sigmac, as well as some changes.

Modifier compare from sigmac

Modifier Use sigmac legacy
contains the value is matched anywhere in the field (strings and regular expressions) X
startswith The value is expected at the beginning of the field's content (strings and regular expressions) X
endswith The value is expected at the end of the field's content (strings and regular expressions) X
base64 The value is encoded with Base64 X
base64offset If a value might appear somewhere in a base64-encoded value the representation might change depending on the position in the overall value X
wide transforms value to UTF16-LE encoding X
re value is handled as regular expression by backends X
cidr value is handled as a IP CIDR by backends
all This modifier changes OR logic to AND X
lt Field is less than the value
lte Field is less or egal than the value
gt Field is Greater than the value
gte Field is Greater or egal than the value
expand Modifier for expansion of placeholders in values. It replaces placeholder strings (%something%)

Overview

Conversion Overview

Conversion Graph

Pipelines

Conversion Graph

More details are described in the documentation.

Testing

To run the pytest suite for pySigma, run the following command:

make test

Contributing

Pull requests are welcome. Please feel free to lodge any issues/PRs as discussion points.

Authors

Licence

GNU Lesser General Public License v2.1. For details, please see the full license file located here.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for nas_bench from gravatar.com nas_bench Avatar for thomaspatzke from gravatar.com thomaspatzke

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: OSI Approved, GNU Lesser General Public License v2 (LGPLv2) (LGPL-2.1-only)

Author: Thomas Patzke

Requires: Python >=3.8, <4.0

Classifiers

Release history Release notifications | RSS feed

0.11.5

0.11.4

0.11.3

0.11.2

0.11.1

0.11.0

0.10.10

0.10.9

0.10.8

0.10.7

0.10.6

0.10.5

0.10.4

0.10.3

0.10.2

0.10.1

0.10.0

0.9.11

0.9.10

0.9.9

0.9.8

0.9.7

0.9.6

0.9.5

0.9.4

0.9.3

0.9.2

0.9.1

0.9.0

0.8.12

0.8.11

0.8.10

0.8.9

0.8.8

0.8.7

0.8.6

0.8.5

0.8.4

0.8.3

0.8.2

0.8.1

0.8.0

0.7.3

0.7.2

0.7.1

0.7.0

0.6.8

0.6.7

0.6.6

0.6.5

0.6.4

0.6.3

0.6.2

0.6.1

0.6.0

0.5.2

0.5.1

0.5.0

0.4.5

0.4.4

0.4.3

0.4.2

0.4.1

0.4.0

0.3.2

0.3.1

0.3.0

This version

0.2.0

0.1.7

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pySigma-0.2.0.tar.gz (49.0 kB view hashes)

Uploaded Source

Built Distribution

pySigma-0.2.0-py3-none-any.whl (55.6 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page