Metadata-Version: 2.1
Name: sigma-cli
Version: 0.4.2
Summary: Sigma Command Line Interface (conversion, check etc.) based on pySigma
Home-page: https://github.com/SigmaHQ/sigma-cli
License: LGPL-2.1-or-later
Author: Thomas Patzke
Author-email: thomas@patzke.org
Requires-Python: >=3.8,<4.0
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved
Classifier: License :: OSI Approved :: GNU Lesser General Public License v2 (LGPLv2)
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Topic :: Security
Requires-Dist: click (>=8.0.3,<9.0.0)
Requires-Dist: prettytable (>=3.1.1,<4.0.0)
Requires-Dist: pysigma (>=0.5.0,<0.6.0)
Requires-Dist: pysigma-backend-insightidr (>=0.1.2,<0.2.0)
Requires-Dist: pysigma-backend-splunk (>=0.3.1,<0.4.0)
Requires-Dist: pysigma-pipeline-crowdstrike (>=0.1.5,<0.2.0)
Requires-Dist: pysigma-pipeline-sysmon (>=0.1.4,<0.2.0)
Requires-Dist: pysigma-pipeline-windows (>=0.1.0,<0.2.0)
Project-URL: Repository, https://github.com/SigmaHQ/sigma-cli
Description-Content-Type: text/markdown

# Sigma Command Line Interface

![Tests](https://github.com/SigmaHQ/sigma-cli/actions/workflows/test.yml/badge.svg)
![Coverage Badge](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/thomaspatzke/0c868df261d4a5d5a1dafe71b1557d69/raw/SigmaHQ-sigma-cli.json)
![Status](https://img.shields.io/badge/Status-pre--release-orange)

This is the Sigma command line interface. It uses the [pySigma](https://github.com/SigmaHQ/pySigma) library to manage,
list and convert Sigma rules into query languages.

## Getting Started

### Installation

The easiest way to install the Sigma CLI is via *pipx* or *pip*. For this purpose run one of the following:

```
python -m pipx install sigma-cli
python -m pip install sigma-cli
```

Another way is to run this from source in a virtual environment managed by [Poetry](https://python-poetry.org/docs/basic-usage/):

```
git clone https://github.com/SigmaHQ/sigma-cli.git
cd sigma-cli
poetry install
poetry shell
```

### Usage

The CLI is available as the *sigma* command. A typical invocation is:

```
sigma convert -t <backend> -p <processing pipeline 1> -p <processing pipeline 2> [...] <directory or file>
```

E.g. to convert process creation Sigma rules from a directory into Splunk queries for Sysmon logs run:

```
sigma convert -t splunk -p sysmon sigma/rules/windows/process_creation
```

Available conversion backends and processing pipelines can be listed with `sigma list`.

Backends can support different output formats, e.g. plain queries and a file that can be imported into the target
system. These formats can be listed with `sigma list formats <backend>` and specified for conversion with the `-f`
option.

In addition, an output file can be specified with `-o`.

Example for output formats and files:

```
sigma convert -t splunk -f savedsearches -p sysmon -o savedsearches.conf sigma/rules/windows/process_creation
```

This outputs a Splunk `savedsearches.conf` containing the converted searches.
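To make the conversion step concrete, here is a small stand-alone illustration, added here and not code from sigma-cli or pySigma, of what `sigma convert -t splunk -p sysmon` does in principle: a processing pipeline first rewrites the rule to the concrete log source (the `EventID=1` mapping for Sysmon process creation is an assumption made for this toy), then a backend renders the detection's selections and condition as a Splunk-style query. The rule, the `SYSMON_PIPELINE` table and all function names are constructed for this example; pySigma's real Splunk backend produces its queries differently (for example it may emit `IN (...)` lists), so treat the output shape, not the exact text, as the point.

```python
"""Toy Sigma-to-Splunk conversion (illustration only, not pySigma)."""
import re
from typing import Any, Dict, Tuple

Rule = Dict[str, Any]

# Constructed sample rule, as the YAML of a process_creation rule would load.
SAMPLE_RULE: Rule = {
    "title": "Suspicious whoami execution (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\whoami.exe"},
        "filter": {"ParentImage|endswith": ["\\cmd.exe", "\\powershell.exe"]},
        "condition": "selection and not filter",
    },
}

# Hypothetical pipeline table: (category, product) -> fields identifying the
# Sysmon event. Assumed to approximate what a Sysmon pipeline adds.
SYSMON_PIPELINE: Dict[Tuple[str, str], Dict[str, Any]] = {
    ("process_creation", "windows"): {"EventID": 1},
}


def apply_pipeline(rule: Rule, pipeline: Dict[Tuple[str, str], Dict[str, Any]]) -> Rule:
    """Return a copy of the rule with the log-source match added as a selection."""
    ls = rule["logsource"]
    extra = pipeline.get((ls.get("category"), ls.get("product")))
    if extra is None:
        return rule  # no pipeline entry: rule is converted as written
    out = {**rule, "detection": dict(rule["detection"])}
    out["detection"]["_logsource"] = dict(extra)
    out["detection"]["condition"] = f"_logsource and ({rule['detection']['condition']})"
    return out


def escape(value: str) -> str:
    """Escape backslashes and quotes for a double-quoted Splunk string."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def render_field(spec: str, value: Any) -> str:
    """Render 'Field|modifier: value(s)' as one Splunk term (lists become OR)."""
    field, _, modifier = spec.partition("|")
    values = value if isinstance(value, list) else [value]
    terms = []
    for v in values:
        if isinstance(v, int):
            terms.append(f"{field}={v}")
            continue
        v = escape(str(v))
        if modifier == "endswith":
            v = "*" + v
        elif modifier == "startswith":
            v = v + "*"
        elif modifier == "contains":
            v = "*" + v + "*"
        elif modifier:
            raise ValueError(f"unsupported modifier: {modifier}")
        terms.append(f'{field}="{v}"')
    return terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")"


def render_selection(sel: Dict[str, Any]) -> str:
    """A selection map is an AND of its field terms."""
    parts = [render_field(k, v) for k, v in sel.items()]
    return parts[0] if len(parts) == 1 else "(" + " AND ".join(parts) + ")"


def to_query(rule: Rule, pipeline: Dict[Tuple[str, str], Dict[str, Any]] = SYSMON_PIPELINE) -> str:
    """Apply the pipeline, then parse the condition (and/or/not/parens) into a query."""
    det = apply_pipeline(rule, pipeline)["detection"]
    tokens = re.findall(r"\(|\)|\w+", det["condition"])
    pos = 0

    def peek() -> Any:
        return tokens[pos] if pos < len(tokens) else None

    def take() -> str:
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def expr() -> str:  # expr := term ("or" term)*
        parts = [term()]
        while peek() == "or":
            take()
            parts.append(term())
        return parts[0] if len(parts) == 1 else "(" + " OR ".join(parts) + ")"

    def term() -> str:  # term := factor ("and" factor)*; Splunk ANDs by whitespace
        parts = [factor()]
        while peek() == "and":
            take()
            parts.append(factor())
        return " ".join(parts)

    def factor() -> str:  # factor := "not" factor | "(" expr ")" | selection name
        tok = take()
        if tok == "not":
            return "NOT " + factor()
        if tok == "(":
            inner = expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return "(" + inner + ")"
        return render_selection(det[tok])

    query = expr()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return query


if __name__ == "__main__":
    print(to_query(SAMPLE_RULE))
</test>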

## Maintainers

The project is currently maintained by:

- Thomas Patzke <thomas@patzke.org>
