Skip to content

wagga40/Zircolite-Rules

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

584 Commits
.github/workflows
.github/workflows
 
 
legacy-sigmatools @ 1a0f514
legacy-sigmatools @ 1a0f514
 
 
pySigma-backend-sqlite @ 7a00471
pySigma-backend-sqlite @ 7a00471
 
 
sigma @ 0bb6f0c
sigma @ 0bb6f0c
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
.pdm-python
.pdm-python
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
README.md.back
README.md.back
 
 
gen_ruleset.py
gen_ruleset.py
 
 
pdm.lock
pdm.lock
 
 
pyproject.toml
pyproject.toml
 
 
rules_linux.json
rules_linux.json
 
 
rules_windows_generic.json
rules_windows_generic.json
 
 
rules_windows_generic_full.json
rules_windows_generic_full.json
 
 
rules_windows_generic_high.json
rules_windows_generic_high.json
 
 
rules_windows_generic_medium.json
rules_windows_generic_medium.json
 
 
rules_windows_generic_pysigma.json
rules_windows_generic_pysigma.json
 
 
rules_windows_sysmon.json
rules_windows_sysmon.json
 
 
rules_windows_sysmon_full.json
rules_windows_sysmon_full.json
 
 
rules_windows_sysmon_high.json
rules_windows_sysmon_high.json
 
 
rules_windows_sysmon_medium.json
rules_windows_sysmon_medium.json
 
 
rules_windows_sysmon_pysigma.json
rules_windows_sysmon_pysigma.json
 
 

Repository files navigation

Zircolite-Rules

This repository uses Github Actions to generate periodically updated Sigma rulesets in Zircolite format.

Default rulesets

With the exceptions of the last two, these rulesets have been generated with sigmac wich is available in the official sigma repository. The rulesets with "pysigma" in their names have been generated with the news SQLite backend for pySigma.

⚠️ These rulesets are given "as is" to help new analysts to discover SIGMA and Zircolite. They are not filtered for slow rules, rules with a lot of false positives etc. If you know what you do, you SHOULD generate your own rulesets.

  • rules_windows_generic_full.json : Full SIGMA ruleset from the "Windows", "rules-emerging-threats" and "rules-threat-hunting" directories of the official repository (no SYSMON rewriting)
  • rules_windows_generic_high.json : Only level high and above SIGMA rules from the "Windows", "rules-emerging-threats" and "rules-threat-hunting" directories of the official repository (no SYSMON rewriting)
  • rules_windows_generic_medium.json : Only level medium and above SIGMA rules from the "Windows", "rules-emerging-threats" and "rules-threat-hunting" directories of the official repository (no SYSMON rewriting)
  • rules_windows_generic.json : Same file as rules_windows_generic_high.json
  • rules_windows_sysmon_full.json : Full SIGMA ruleset from the "Windows", "rules-emerging-threats" and "rules-threat-hunting" directories of the official repository (SYSMON)
  • rules_windows_sysmon_high.json : Only level high and above SIGMA rules from the "Windows", "rules-emerging-threats" and "rules-threat-hunting" directories of the official repository (SYSMON)
  • rules_windows_sysmon_medium.json : Only level medium and above SIGMA rules from the "Windows", "rules-emerging-threats" and "rules-threat-hunting" directories of the official repository (SYSMON)
  • rules_windows_sysmon.json : Same file as rules_windows_sysmon_high.json
  • rules_windows_sysmon_pysigma.json : Same file as rules_windows_sysmon_full.json but generated with pySigma
  • rules_windows_generic_pysigma : Same file as rules_windows_generic_full.json but generated with pySigma
  • rules_linux.json : Linux rules converted "as is"

About

Sigma rules converted for direct use with Zircolite

Resources

Readme

License

LGPL-2.1 license
Activity

Stars

10 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages