future-architect/vuls


Sigma rules feed.. #1614

necrose99 posted on GitHub

https://uncoder.io/

https://github.com/SigmaHQ/sigma

https://github.com/bradleyjkemp/sigma-go: a few free Sigma feeds.

While common in SIEM land, these are more raw threat detections.

Machine A is vulnerable to X. Warning ⚠️ Machine A is showing an active infection... might be useful to know on reports: your firewall is not patched, is vulnerable, compromised, etc.

As a 🔌 plug-in.

Similar to go-cti, gost, etc.


I am also interested in cooperation with Sigma rules. Similarly, I would like to support Snort, Yara, etc.

The most difficult part of the research is that the amount of data sources is far too small to link the detected CVEs to those rules. At the time, the most usable rules we found were the officially distributed Snort rules.

Do you know of a data source that is stable, updated and has a reasonable amount of data linking these rules to CVEs?

posted by MaineK00n about 2 years ago
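As an added illustration of the linking problem MaineK00n describes (this is not code from vuls, go-cti or anyone in this thread): a small Go helper that builds a CVE-to-rule index from a Sigma rule feed by reading each rule's `tags:` entries in Sigma's dotted `cve.YYYY.NNNN` form and any literal CVE identifier in its `references:` URLs. The feed, rule titles and URLs are constructed samples; the assumption that rules follow the dotted cve tag convention is what makes the mapping work, and the counter of unlinked rules shows how many rules in a feed a CVE-centric report simply cannot use.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// cveRe matches canonical CVE identifiers (CVE-YYYY-NNNN...), e.g. inside reference URLs.
var cveRe = regexp.MustCompile(`(?i)\bCVE-(\d{4})-(\d{4,})\b`)

// sigmaCVETagRe matches the dotted tag form (cve.2021.44228).
// Assumption: the feed's rules tag CVEs this way; rules that do not stay unlinked.
var sigmaCVETagRe = regexp.MustCompile(`(?i)\bcve\.(\d{4})\.(\d{4,})\b`)

// docSep splits a multi-document YAML feed on "---" lines.
var docSep = regexp.MustCompile(`(?m)^---[ \t]*$`)

// RuleCVEs maps a normalized CVE id to the titles of the rules that reference it.
type RuleCVEs map[string][]string

// ruleTitle pulls the top-level `title:` field from one Sigma rule document.
func ruleTitle(rule string) string {
	for _, line := range strings.Split(rule, "\n") {
		if strings.HasPrefix(line, "title:") {
			return strings.TrimSpace(strings.TrimPrefix(line, "title:"))
		}
	}
	return "(untitled)"
}

// ExtractCVEs returns the sorted, de-duplicated CVE ids one rule references,
// normalizing both the dotted tag form and literal CVE-... strings to CVE-YYYY-NNNN.
func ExtractCVEs(rule string) []string {
	seen := map[string]bool{}
	for _, m := range cveRe.FindAllStringSubmatch(rule, -1) {
		seen["CVE-"+m[1]+"-"+m[2]] = true
	}
	for _, m := range sigmaCVETagRe.FindAllStringSubmatch(rule, -1) {
		seen["CVE-"+m[1]+"-"+m[2]] = true
	}
	out := make([]string, 0, len(seen))
	for id := range seen {
		out = append(out, id)
	}
	sort.Strings(out)
	return out
}

// IndexRules builds the CVE -> rule-title index for a whole feed and also returns
// how many rules carried no CVE reference at all (the practical limit of this approach).
func IndexRules(feed string) (RuleCVEs, int) {
	idx := RuleCVEs{}
	unlinked := 0
	for _, doc := range docSep.Split(feed, -1) {
		doc = strings.TrimSpace(doc)
		if doc == "" {
			continue
		}
		cves := ExtractCVEs(doc)
		if len(cves) == 0 {
			unlinked++
			continue
		}
		title := ruleTitle(doc)
		for _, c := range cves {
			idx[c] = append(idx[c], title)
		}
	}
	return idx, unlinked
}

// sampleFeed is a constructed three-rule feed: one rule tagged and referenced with a CVE,
// one generic behavioural rule with no CVE, and one that only mentions a CVE in a reference URL.
const sampleFeed = `title: Potential Log4Shell JNDI lookup in request
tags:
    - attack.initial_access
    - cve.2021.44228
references:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
detection:
    condition: selection
---
title: Suspicious PowerShell download cradle
tags:
    - attack.execution
detection:
    condition: selection
---
title: ProxyShell exploitation attempt
references:
    - https://example.invalid/advisories/CVE-2021-34473
detection:
    condition: selection
`

func main() {
	idx, unlinked := IndexRules(sampleFeed)
	ids := make([]string, 0, len(idx))
	for id := range idx {
		ids = append(ids, id)
	}
	sort.Strings(ids)
	for _, id := range ids {
		fmt.Printf("%s -> %s\n", id, strings.Join(idx[id], "; "))
	}
	fmt.Printf("%d rule(s) carry no CVE reference\n", unlinked)
}
```

The unlinked counter is the number to watch when evaluating a feed as a data source: a rule that detects a behaviour rather than a specific exploit will never appear in a CVE-keyed report, which is exactly the coverage gap described above.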

At the very least, you could add it in the yellow ⚠️ category, i.e. caution, as possible detections? Sigma rules, unfortunately, are not an easy sigma2taxii or sigma2stix, at least initially; there might be more on further research ... consumer I/O that vuls could ingest with current vuls sub-tools.

At least in Golang.

https://github.com/opencybersecurityalliance/stix-shifter, ports to STIX 2

https://pkg.go.dev/github.com/TcM1911/stix2

https://raw.githubusercontent.com/SigmaHQ/sigma/master/tools/config/ecs-suricata.yml, perhaps useful.

posted by necrose99 about 2 years ago
