Failure to convert error

[turnerdb]

Greetings,
I am having the same issue a another user back in July was having. Following all the instructions and installing the required packages I run the command against the included rules and the just tells me :
./sigma2splunkalert rules/lnx_shell_clear_cmd_history.yml

Failure converting the Sigma File: rules/lnx_shell_clear_cmd_history.yml

I even did it again using hte -c and -sc and N arguments and then I get code execution issues.
./sigma2splunkalert -sc splunk rules/lnx_shell_clear_cmd_history.yml N -c CONFIG
Traceback (most recent call last):
File "./sigma2splunkalert", line 142, in
main(sys.argv)
File "./sigma2splunkalert", line 55, in main
sigma2splunkalertconfig = openSigma2SplunkConfiguration(converter_config_path)
File "./sigma2splunkalert", line 107, in openSigma2SplunkConfiguration
with open(converter_config_path, 'r') as stream:
FileNotFoundError: [Errno 2] No such file or directory: 'CONFIG'

It would be greatly appreciated to get some assistance with this. We'd really love to use this to convery an absurd amount of rules into a savedsearch.conf.

Thanks,
Devin.

[jslagrew]

Devin,

I had a similar issue with that error and in my case the sigmatools were not installed for Python:

pip3 install sigmatools

[rahmanonik18]

I am having the same issue and I did install sigmatools but it still show error