Skip to content
This repository has been archived by the owner on Oct 11, 2024. It is now read-only.

Latest commit

 

History

History
16 lines (9 loc) · 1.09 KB

how_to_import_sigma_rules.md

File metadata and controls

16 lines (9 loc) · 1.09 KB

How to import a sigma rule

It is possible to convert Sigma rules into siembol alerting rules.

To do you need to click on the import icon in the config manager on the right of the search bar (see screenshot below).

drawing

This will open a dialog for importing sigma rules as in screenshot below.

drawing

On the left hand-side the importer attributes can be modified and on the right hand-side the Sigma config can be pasted and edited if needed. Once everything is filled in, as in screenshot below, click on the import button. If the Sigma rule is valid and supported an error dialog will pop up with more details about the error. If successful you will be redirected to the new config.

Note: the following value modifiers are not supported: base64offset, utf16le, utf16be, wide, utf16, and the following condition tokens are not supported: count, min, max, avg, sum, near, by, ==, <, <=, |

drawing