Sigma2SplunkAlert

Failure converting the Sigma File: rules/....yml

Open iSecRoOt opened this issue 4 years ago • 0 comments

Hey, I did the following:

  1. Install jinja2 and PyYAML on Ubuntu 20.04

     sudo apt-get install -y python3-jinja2
     sudo apt-get install -y python3-yaml

  2. Tried to run the Python script sigma2Splunkalert

./sigma2splunkalert -c config/config.yml -sc sigma_config/splunk-all.yml rules/sysmon_mimikatz_detection_lsass.yml

-> error

# Failure converting the Sigma File: rules/sysmon_mimikatz_detection_lsass.yml

Further info:

Linux ubuntu2104 5.11.0-16-generic #17-Ubuntu SMP Wed Apr 14 20:12:43 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
NAME="Ubuntu"
VERSION="21.04 (Hirsute Hippo)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 21.04"
VERSION_ID="21.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=hirsute
UBUNTU_CODENAME=hirsute

Python 3.9.4

Thanks in advance

iSecRoOt, Jul 27 '21 19:07