Check the YAML pipelines project from @frack113; he implemented Elastalert support based on the Elastic backend with processing pipelines.
Hello,
How difficult would it be to (re)integrate the sigma2elastalert backend?
I'm trying to revive the HELK stack, and one of the steps it uses is converting the Sigma rules to Elastalert.
From what I can see, the script (linked below) just uses the old sigmac es-qs target and then does some text alterations via Python: [args.sigmac, file, "--target", "es-qs"].
Unfortunately my knowledge of the new pySigma is limited, but I would imagine that the changes should be minimal to reimplement this, as the es-qs backend still exists?
legacy-sigmatools