Sigma detection rules pipeline


Does anybody have a good pipeline to transform Sigma detection rules to Elastic Security (Defend)? There were some reasonably good examples for the old sigmac converter, but I haven't found any for pySigma. There is an inbuilt pipeline (ecs_windows) that suits the Windows integration (winlogbeat use case), but it does not work well with the Defend integration or for other non-Windows endpoints.

I'm working on a Python script to automate rule updates on new Sigma releases, and it kind of works well, but there are some issues with the field mappings.

Best regards
