SQL Backend

[tastyfrankfurt]

Hey Guys,

You have done a awesome job and putting this together to support the CyberSec community.

There are alot of dataware house tools that utilise SQL as a query language, I am happy to have a crack at the backend and was wondering if you can create a project for it for me to contribute against. I have already started with a cookiecutter and have been working through logically breaking things up but there are some limitations that are causing me some headaches when producing the query.

One example is there a way to just access the fields rather than just one big query that gets returned by the backend?

Thanks

Matt

[thomaspatzke]

You have done a awesome job and putting this together to support the CyberSec community.

Thanks 😊

There are alot of dataware house tools that utilise SQL as a query language, I am happy to have a crack at the backend and was wondering if you can create a project for it for me to contribute against.

You mean a placeholder project you can push your PR to? Below the SigmaHQ organization? pySigma-backend-sql?

I have already started with a cookiecutter and have been working through logically breaking things up but there are some limitations that are causing me some headaches when producing the query.

One example is there a way to just access the fields rather than just one big query that gets returned by the backend?

All fields within a Sigma rule? It requires to iterate recursively over detections. If I remember correctly there was already someone who asked for it, so I could implement it into the pySigma core.