Sigmac to OQL #10877

vanh20 · 2023-07-31T09:39:03Z

vanh20
Jul 31, 2023

Is it only me, or does anybody else think of converting Sigma rules to modifiable Onion Query Language? Is this already in place, and I have missed the documentation? Thanks for your time.

vanh20 · 2023-08-02T01:20:56Z

vanh20
Aug 2, 2023
Author

I know, if one looks at the Sigma rules, one can translate that into a live query in Hunt. However, I'm looking for an automated way to do this as I have quite a lot to translate. There is a tool called Sigmac which is able to translate to various SIEM platforms except SecurityOnion. Any help would be appreciated. Thanks!

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Sigmac to OQL #10877

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Sigmac to OQL #10877

Uh oh!

Uh oh!

vanh20 Jul 31, 2023

Replies: 1 comment

Uh oh!

Uh oh!

vanh20 Aug 2, 2023 Author

vanh20
Jul 31, 2023

vanh20
Aug 2, 2023
Author