Skip to content
/ pySigma-backend-powershell Public

Uses pySigma to convert Sigma rules into PowerShell queries.

License

MIT license
5 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cyberphor/pySigma-backend-powershell

BranchesTags

Repository files navigation

pySigma Powershell Backend

Status

The pySigma PowerShell Backend converts Sigma rules into PowerShell-based queries. It was designed to be used in conjunction with the the Read-WinEvent filter.

Usage

Step 1. After downloading this repository, install this Python-based project using poetry.

poetry install

Step 2. Next, use the provided PowerShell script to import the Read-WinEvent filter. You will need to do this everytime you start a new PowerShell session (pro-tip: add this filter to your PowerShell profile).

./scripts/Read-WinEvent.ps1

Step 3 Convert whatever Sigma rules you have to PowerShell queries.

sigma2powershell -r rules/demo.yml

Copyright

This project is licensed under the terms of the MIT license.

About

Uses pySigma to convert Sigma rules into PowerShell queries.

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages