This repository uses Github Actions to generate periodically updated Sigma rulesets in Zircolite format.
With the exceptions of the last two, these rulesets have been generated with sigmac wich is available in the official sigma repository.
The rulesets with "pysigma" in their names have been generated with the news SQLite backend for pySigma.
rules_windows_generic_full.json: Full SIGMA ruleset from the "Windows", "rules-emerging-threats" and "rules-threat-hunting" directories of the official repository (no SYSMON rewriting)rules_windows_generic_high.json: Only level high and above SIGMA rules from the "Windows", "rules-emerging-threats" and "rules-threat-hunting" directories of the official repository (no SYSMON rewriting)rules_windows_generic_medium.json: Only level medium and above SIGMA rules from the "Windows", "rules-emerging-threats" and "rules-threat-hunting" directories of the official repository (no SYSMON rewriting)rules_windows_generic.json: Same file asrules_windows_generic_high.jsonrules_windows_sysmon_full.json: Full SIGMA ruleset from the "Windows", "rules-emerging-threats" and "rules-threat-hunting" directories of the official repository (SYSMON)rules_windows_sysmon_high.json: Only level high and above SIGMA rules from the "Windows", "rules-emerging-threats" and "rules-threat-hunting" directories of the official repository (SYSMON)rules_windows_sysmon_medium.json: Only level medium and above SIGMA rules from the "Windows", "rules-emerging-threats" and "rules-threat-hunting" directories of the official repository (SYSMON)rules_windows_sysmon.json: Same file asrules_windows_sysmon_high.jsonrules_windows_sysmon_pysigma.json: Same file asrules_windows_sysmon_full.jsonbut generated with pySigmarules_windows_generic_pysigma: Same file asrules_windows_generic_full.jsonbut generated with pySigmarules_linux.json: Linux rules converted "as is"