Skip to content
/ pySigma-pipeline-ossem Public

pySigma OSSEM pipeline for transformation of OSSEM into Sigma field naming

License

LGPL-3.0 license
2 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SigmaHQ/pySigma-pipeline-ossem

BranchesTags

Repository files navigation

Tests Coverage Badge Status

pySigma OSSEM Pipeline

This is the OSSEM pipeline for pySigma. It contains the ossem_to_sigma processing pipeline in sigma.pipelines.ossem, that transforms Sigma rules written with the field naming and value formats defined in the OSSEM project into the default Sigma taxonomy. Example:

title: Rule written with the OSSEM taxonomy.
status: stable
taxonomy: ossem
logsource:
    category: process_creation
    product: windows
detection:
    sel:
        process_command_line: whoami
        process_file_name: whoami.exe
        process_parent_file_name: httpd.exe
    condition: sel

By preprocessing this rule with the ossem_to_sigma pipeline it can be used like any other Sigma rule written in the default Sigma taxonomy.

This backend is currently maintained by:

  • tbd

About

pySigma OSSEM pipeline for transformation of OSSEM into Sigma field naming

Resources

Readme

License

LGPL-3.0 license
Activity
Custom properties

Stars

2 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages