A simple POC on Sigma Meta Rules
😰 No rule was tested or even validated at the time of writing.
🎆 DO NOT use it in production unless you know what you're doing.
- sigmahq_deprecated -> deprecated sigma rules from SigmaHQ
- sigmahq_unsupported -> unsupported sigma rules from SigmaHQ
- meta_rule -> the meta rule version
- pysigma -> a pipeline to generate all the queries in one file
- splunk -> the Splunk output
sigma convert -t splunk -p pysigma\splunk-savedsearches-concat.yml meta_rules > splunk\splunk.md
This repo is not linked to SigmaHQ; it is my personal "work".