python-apps

Create Sigma translator app

Open frikky opened this issue 4 years ago • 9 comments

Create an app that can take a ruleset and translate it before running automation towards a SIEM, using Sigma: https://github.com/SigmaHQ/sigma

Example actions:

  • Take input of a Sigma file OR rule, and translate it into any SIEM search query.

Example platform doing this: https://uncoder.io/

frikky avatar Apr 18 '21 18:04 frikky
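A sketch of the translation step this issue asks for, as an added example that is not code from Shuffle or SigmaHQ. It covers only a subset of Sigma (map selections, the `contains`/`startswith`/`endswith` modifiers, and `and`/`or`/`not` conditions) and assumes the rule has already been loaded from YAML into a dict; the rule content, the function names and the Splunk-style output syntax are assumptions made for illustration.

```python
import re

# Constructed sample rule, shown as the dict a YAML loader would return for a Sigma file.
RULE = {
    "title": "Constructed example: encoded PowerShell command line",
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc ", "-EncodedCommand "],
        },
        "filter": {"User|startswith": "svc_"},
        "condition": "selection and not filter",
    },
}

# Sigma value modifiers mapped to wildcard patterns of the (assumed) Splunk-style target.
WILDCARDS = {"contains": "*{}*", "startswith": "{}*", "endswith": "*{}", None: "{}"}

def quote(value):
    # Escape backslashes and double quotes so a rule value cannot break out of the string literal.
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'

def render_selection(selection):
    # Fields inside one selection are ANDed; a list of values for one field is ORed.
    terms = []
    for key, values in selection.items():
        field, _, modifier = key.partition("|")
        if (modifier or None) not in WILDCARDS:
            raise ValueError(f"unsupported modifier: {modifier}")
        values = values if isinstance(values, list) else [values]
        alts = [f"{field}=" + quote(WILDCARDS[modifier or None].format(v)) for v in values]
        terms.append(alts[0] if len(alts) == 1 else "(" + " OR ".join(alts) + ")")
    return "(" + " AND ".join(terms) + ")"

def translate(rule):
    # Walk the condition token by token, replacing each selection name with its rendered query.
    detection = dict(rule["detection"])
    condition = detection.pop("condition")
    out = []
    for token in re.findall(r"\(|\)|[^\s()]+", condition):
        if token.lower() in ("and", "or", "not"):
            out.append(token.upper())
        elif token in ("(", ")"):
            out.append(token)
        elif token in detection:
            out.append(render_selection(detection[token]))
        else:
            raise ValueError(f"unknown identifier in condition: {token}")
    return " ".join(out)
```

Anything outside the supported subset, such as `1 of selection*` or chained modifiers, raises `ValueError` instead of producing a query that silently matches something other than what the rule describes.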

Hi @frikky, I want to work on this issue. Can you please provide some guidance on the desired layout for the app?

> Hi @frikky, I want to work on this issue. Can you please provide some guidance on the desired layout for the app?

Hey!

This is a development issue for Shuffle itself, and not a frontend development issue. You can read more about what Apps in Shuffle are here: https://shuffler.io/docs/apps

Sigma is a SIEM query translator system, which is related to cybersecurity. If you want to take it upon yourself, then please! We need the help for sure :)

frikky avatar Nov 03 '23 16:11 frikky

Hi @frikky, do you have an example of the rules other than the Sigma rules that should be translated? Thanks

Exterminator11 avatar Nov 07 '23 16:11 Exterminator11

> Hi @frikky, do you have an example of the rules other than the Sigma rules that should be translated? Thanks

Finding ways to use the following as Apps in Shuffle (this is not about translation, but about security & standardization):

  • OSQuery
  • Ansible
  • Yara
  • Volatility
  • Snort
  • Suricata

frikky avatar Nov 07 '23 17:11 frikky

> > Hi @frikky, do you have an example of the rules other than the Sigma rules that should be translated? Thanks
>
> Finding ways to use the following as Apps in Shuffle (this is not about translation, but about security & standardization):
>
>   • OSQuery
>   • Ansible
>   • Yara
>   • Volatility
>   • Snort
>   • Suricata

Alright thanks!!

Exterminator11 avatar Nov 08 '23 00:11 Exterminator11

Hey @frikky,

I have a question regarding the cybersecurity assignment. I've created a Shuffle Python app and a separate frontend app using ReactJS. The connection between them is established via an API. I wanted to confirm if this approach is acceptable, or does the cybersecurity assignment also require modifications inside the Shuffle codebase, the same as the frontend assignment?

> Hey @frikky,
>
> I have a question regarding the cybersecurity assignment. I've created a Shuffle Python app and a separate frontend app using ReactJS. The connection between them is established via an API. I wanted to confirm if this approach is acceptable, or does the cybersecurity assignment also require modifications inside the Shuffle codebase, the same as the frontend assignment?

Hey!

It's not supposed to have a frontend. This is a cybersecurity task focused on the app itself. The app should be used from within a workflow in Shuffle. How did you connect a separate frontend to it?

The idea of a translator system that you've made may come in handy tho. Please do submit it so we can see what you did either way (knowing frontend is a good thing ;))

frikky avatar Nov 20 '23 12:11 frikky