SIEM detection format for javascript objects based on sigma logfile rules.

almostSouji/omega

A SIEM detection format for JavaScript objects.

The pattern matching and rule syntax are based on Sigma rules, but adapted for the analysis of JavaScript objects rather than logfiles.
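To make the Sigma-to-object adaptation concrete, here is an added illustrative example of how a Sigma-style detection (search identifiers, value modifiers, wildcards and a boolean condition) can be evaluated against a plain JavaScript object. It is not Omega's own code or API; the rule shape, the dotted field paths, the helper names and the sample events are all assumptions constructed for this example.

```javascript
// Added example: a minimal Sigma-style matcher for JavaScript objects.
// Not omega's API; rule format and helper names are assumed for illustration.
// Supported Sigma subset: field/value maps (AND within a map, OR across a list
// of values), a list of keywords (searched across all values of the object),
// the |contains / |startswith / |endswith modifiers, * and ? wildcards, and
// conditions such as "selection and not filter" or "a or b".

// Resolve dotted paths like "author.roles" on nested objects.
function getField(obj, path) {
  return path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), obj);
}

// Sigma plain values are case-insensitive and may contain * and ? wildcards.
function wildcardToRegex(value) {
  const escaped = String(value).replace(/[.+^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$', 'i');
}

// Compare one actual field value against one expected rule value.
function matchValue(actual, expected, modifiers) {
  if (actual === undefined || actual === null) return false;
  // An array field matches when any element matches (e.g. a list of roles).
  if (Array.isArray(actual)) return actual.some((a) => matchValue(a, expected, modifiers));
  const a = String(actual).toLowerCase();
  const e = String(expected).toLowerCase();
  if (modifiers.includes('contains')) return a.includes(e);
  if (modifiers.includes('startswith')) return a.startsWith(e);
  if (modifiers.includes('endswith')) return a.endsWith(e);
  return wildcardToRegex(expected).test(String(actual));
}

// A search identifier is either a map (every key must match; list values are
// alternatives) or a list of keywords (any keyword anywhere in the object).
function matchSearch(obj, search) {
  if (Array.isArray(search)) {
    const haystack = JSON.stringify(obj).toLowerCase();
    return search.some((kw) => haystack.includes(String(kw).toLowerCase()));
  }
  return Object.entries(search).every(([key, expected]) => {
    const [field, ...modifiers] = key.split('|');
    const actual = getField(obj, field);
    const candidates = Array.isArray(expected) ? expected : [expected];
    return candidates.some((v) => matchValue(actual, v, modifiers));
  });
}

// Evaluate a condition over per-identifier results. Grammar (Sigma subset):
//   expr := term (('and' | 'or') term)*     term := ['not'] identifier
// "and" binds tighter than "or", as in Sigma.
function evalCondition(condition, results) {
  const lookup = (id) => {
    if (!(id in results)) throw new Error(`unknown search identifier: ${id}`);
    return results[id];
  };
  return condition.split(/\s+or\s+/i).some((orPart) =>
    orPart.split(/\s+and\s+/i).every((term) => {
      const t = term.trim();
      return /^not\s+/i.test(t) ? !lookup(t.replace(/^not\s+/i, '')) : lookup(t);
    })
  );
}

// Run every search identifier of the rule, then combine via the condition.
function evaluateRule(rule, obj) {
  const { condition, ...searches } = rule.detection;
  const results = Object.fromEntries(
    Object.entries(searches).map(([name, search]) => [name, matchSearch(obj, search)])
  );
  return evalCondition(condition, results);
}

// Constructed sample rule: flag messages advertising gift links unless the
// author holds a role starting with "trusted".
const RULE = {
  title: 'Gift link from untrusted author (constructed example)',
  detection: {
    selection: { 'content|contains': ['discord.gift', 'free-nitro'], 'author.bot': false },
    filter: { 'author.roles': 'trusted*' },
    condition: 'selection and not filter',
  },
};

// Constructed sample events (not real data).
const EVENTS = [
  { content: 'Claim your FREE-NITRO at discord.gift/abc', author: { bot: false, roles: ['member'] } },
  { content: 'Claim at discord.gift/abc', author: { bot: false, roles: ['trusted-staff'] } },
  { content: 'hello', author: { bot: false, roles: [] } },
];

for (const evt of EVENTS) {
  console.log(evaluateRule(RULE, evt) ? 'ALERT' : 'ok   ', JSON.stringify(evt.content));
}
```

The matcher mirrors the Sigma semantics that matter most when porting rules: values inside one map are ANDed, list values are ORed, and the `filter` identifier is negated in the condition so that trusted authors are excluded from the alert.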

Why should I use this?

You probably shouldn't.

  • The entire rule engine is written in TypeScript and the evaluation is very much not optimized for use at massive scale.
  • This is a proof of concept for my personal use and to increase my understanding of detection flows.

However, if you are interested in evaluating arbitrary objects against something closely resembling Sigma rules, feel free to give it a shot!

Contributing

Before contributing, please read through the wiki. It details almost anything there is to know. If the wiki is not specific enough, check out the Sigma rule specification; Omega is very much built around it!

Before submitting a PR, please make sure:

  • The project builds (yarn build).
  • The tests run without failures (yarn test).
  • The format and lint rules are applied and respected (yarn lint, yarn format).

Inspiration and similar projects

This project closely follows the Sigma rule specification and was inspired by seeing these amazing projects in action:
