Update sigmac tool readme and ruletype name (#267)

This commit is contained in:
Yamato Security
2021-12-09 09:28:54 +09:00
committed by GitHub
parent 5da9dc748f
commit 9941a5dc90
3 changed files with 4 additions and 5 deletions

View File

@@ -47,8 +47,7 @@ cp splitter.py $sigma_path
### Convert Rule
Conversion rules can be created by executing `convert.sh`.
The rules will be created to hayabusa_rules folder.
`convert.sh` will convert sigma rules to hayabusa rules and save them in a new `hayabusa_rules` folder.
```sh
export sigma_path=/path/to/sigma_repository
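Review bot: the replacement sentence still leaves the location of `hayabusa_rules` unstated; say where the new folder is created (relative to the current directory or under the `$sigma_path` exported on the next line), since the removed line was equally vague on this point. Minor: the heading `### Convert Rule` reads better as `### Convert Rules`, matching the plural used in the sentence that follows it.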
@@ -71,4 +70,4 @@ sigma/rules/windows/process_creation/process_creation_apt_turla_commands_medium.
## Sigma rule parsing errors
Some rules will have been able to be converted but will cause parsing errors. We will continue to fix these bugs but for the meantime the majority of Sigma rules do work so please ignore the errors for now.
Some rules will have been able to be converted but will cause parsing errors or will not be usable due to various bugs. We will continue to fix these bugs but for the meantime the majority of Sigma rules do work so please ignore the errors for now.
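Review bot: the new wording adds "or will not be usable due to various bugs" but still tells the reader to ignore the errors, so a user cannot tell a noisy-but-working rule from an unusable one; point to where these are tracked (an issue link or the affected rule files) so the caveat is actionable. Style: "Some rules will have been able to be converted but will cause parsing errors" is hard to read; "Some rules convert successfully but then fail to parse" says the same thing more plainly.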

View File

@@ -48,7 +48,7 @@ cp splitter.py $sigma_path
* 注意:`/path/to/sigma_repository`そのままではなくて、自分のSigmaレポジトリのパスを指定してください。
### ルールの変換
convert.shを実行することでルールの変換が実行されます。変換されたルールはhayabusa_rulesフォルダに作成されます。
`convert.sh`を実行することでルールの変換が実行されます。変換されたルールは`hayabusa_rules`フォルダに作成されます。
```sh
export sigma_path=/path/to/sigma_repository
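Review bot: this is the only hunk touching the Japanese README, while the English README in this same commit also rewrites its "Sigma rule parsing errors" paragraph to say that some converted rules are unusable due to bugs; the corresponding Japanese paragraph should receive the same update so the two READMEs do not diverge. The code formatting of `convert.sh` and `hayabusa_rules` here matches the English change and is fine.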

View File

@@ -268,7 +268,7 @@ class HayabusaBackend(SingleTextQueryBackend):
# parsed.sigmaParser.parsedyamlがOrderedDictならこんなことしなくていい、後で別のやり方があるか調べる
# 順番固定してもいいかも
bs.write("title: " + parsed_yaml["title"]+"\n")
bs.write("ruletype: SIGMA\n")
bs.write("ruletype: Sigma\n")
del parsed_yaml["title"]
# detectionの部分をクリアする前にtimeflameだけ確保しておく。
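Review bot: changing the emitted value from `ruletype: SIGMA` to `ruletype: Sigma` alters the output of every converted rule, so anything that compares the `ruletype` field case-sensitively against the old value will stop matching rules produced after this commit; confirm the consumer of this field accepts `Sigma`, decide whether rules converted earlier must be regenerated with `convert.sh`, and state that in the commit message or README. Also, the literal is written inline in `bs.write`; lifting it into a named constant next to the other emitted keys would make the next rename a one-line change.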