Skip to content

IBM/pySigma_QRadar_base

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits

LICENSE

LICENSE

 
 

QRadarBackend.py

QRadarBackend.py

 
 

QRadarFieldsPipeline.py

QRadarFieldsPipeline.py

 
 

QRadarPayloadPipeline.py

QRadarPayloadPipeline.py

 
 

QRadarPipeline.py

QRadarPipeline.py

 
 

README.md

README.md

 
 

generate_readme_mapping.py

generate_readme_mapping.py

 
 

poetry.lock

poetry.lock

 
 

pyproject.toml

pyproject.toml

 
 

Repository files navigation

PySigma QRadar

This is the QRadar backend submodule for pySigma QRadar AQL.

Backend

  • QRadarBackend: It provides a base backend for pySigma QRadar AQL.

Pipelines

  • QRadar_fields_pipeline: Supports only the mapped Sigma fields in the field mapping.

  • QRadar_payload_pipeline: Uses payload search instead of unmapped fields.

    For payload search, the following value types are not supported:

    • Boolean
    • Null
    • CIDR
    • Regular Expression
    • Numeric Comparison

License

pySigma_QRadar_base is licensed under the MIT License.

Maintainers

About

QRadar backend and pipelines as submodule for pySigma-backend-QRadar-AQL and pySigma-backend-QRadar-KQL

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases 1

pySigma_QRadar_base Latest
Mar 28, 2024

Packages

No packages published

Contributors 2

  •  
  •  

Languages