Skip to content

Introduce an experimental sigma operator #3138

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 31, 2023
Merged

Introduce an experimental sigma operator #3138

merged 3 commits into from
Aug 31, 2023

Conversation

dominiklohmann
Copy link
Member

The sigma operator takes a path to a directory or a single *.yaml or *.yml file, takes all input events, and applies the sigma rule. The resulting events contain matches for the Sigma rule and the rule itself.

@dominiklohmann dominiklohmann added the feature New functionality label May 10, 2023
@dominiklohmann dominiklohmann force-pushed the topic/import-operator branch 8 times, most recently from 2978989 to 7c63193 Compare May 17, 2023 16:52
Base automatically changed from topic/import-operator to main May 17, 2023 18:07
@dominiklohmann dominiklohmann mentioned this pull request Jun 9, 2023
Merged
@dominiklohmann dominiklohmann force-pushed the topic/experimental-sigma-operator branch from 492d80c to 7e7bcb5 Compare June 9, 2023 14:22
@mavam mavam added the operator Source, transformation, and sink label Jul 2, 2023
@dominiklohmann dominiklohmann force-pushed the topic/experimental-sigma-operator branch 3 times, most recently from b209f61 to 008ef36 Compare August 10, 2023 04:39
mavam
mavam reviewed Aug 10, 2023
View reviewed changes
dominiklohmann
dominiklohmann commented Aug 29, 2023
View reviewed changes
Copy link
Member Author

@dominiklohmann dominiklohmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just leaving some notes for myself.

@dominiklohmann dominiklohmann force-pushed the topic/experimental-sigma-operator branch 2 times, most recently from 70e4ca5 to 1997e09 Compare August 29, 2023 10:15
@dominiklohmann dominiklohmann marked this pull request as ready for review August 29, 2023 10:16
@dominiklohmann dominiklohmann force-pushed the topic/experimental-sigma-operator branch 2 times, most recently from 53ba52b to b51c1db Compare August 29, 2023 10:30
@dominiklohmann dominiklohmann requested review from jachris and Dakostu and removed request for jachris August 29, 2023 11:30
Dakostu
Dakostu approved these changes Aug 29, 2023
View reviewed changes
Copy link

@Dakostu Dakostu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I played around with this, managed to use this operator to continuously filter data, even while changing my rule file - and approved, considering that this is experimental.

I left some comments, probably for future consideration.

@dominiklohmann dominiklohmann requested a review from Dakostu August 29, 2023 16:42
Dakostu
Dakostu approved these changes Aug 30, 2023
View reviewed changes
Copy link

@Dakostu Dakostu left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for fixing the issues!
I think this warrants an approval now, any more fixes afterwards seem to be superficial from here on.

@dominiklohmann dominiklohmann force-pushed the topic/experimental-sigma-operator branch from 7db3611 to 95a8c80 Compare August 31, 2023 08:39
@dominiklohmann dominiklohmann merged commit 1b580f1 into main Aug 31, 2023
@dominiklohmann dominiklohmann deleted the topic/experimental-sigma-operator branch August 31, 2023 09:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mavam mavam mavam left review comments

@Dakostu Dakostu Dakostu approved these changes

Assignees
No one assigned
Labels
feature New functionality operator Source, transformation, and sink
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dominiklohmann @mavam @Dakostu