New target Qradar Extension Rules #45
Replies: 2 comments 2 replies
-
|
Generally all backends for pySigma for target languages are welcome 😊 There's already a QRadar backend for the legacy sigmatools which could be used as base for a pySigma backend. I'm currently working on a backend template (cookiecutter) that could be helpful to start a new pySigma backend. |
Beta Was this translation helpful? Give feedback.
-
|
Great, I'm hope backend template release soon and maybe i can support build this backend for Qradar. I'm currently learning new syntax of pysigma for building it. |
Beta Was this translation helpful? Give feedback.
-
|
and i have question, when i have done build Qradar for pysigma how to commit it in there because i see right now it seperate repo for each modules Thanks |
Beta Was this translation helpful? Give feedback.
-
|
QRadar-AQL - https://github.com/IBM/pySigma-backend-QRadar-AQL |
Beta Was this translation helpful? Give feedback.
-
I have idea for Qradar extension rules.
The Extension rules of Qradar in zip file with xml format, so i think we can create new target for Qradar extension with this
=> Easier for generate sigma rules and deployment rules in Qradar SIEM
Beta Was this translation helpful? Give feedback.
All reactions