pySigma Powershell Backend

The pySigma PowerShell Backend converts Sigma rules into PowerShell-based queries. It was designed to be used in conjunction with the the Read-WinEvent filter.

Usage

Step 1. After downloading this repository, install this Python-based project using poetry.

poetry install

Step 2. Next, use the provided PowerShell script to import the Read-WinEvent filter. You will need to do this everytime you start a new PowerShell session (pro-tip: add this filter to your PowerShell profile).

./scripts/Read-WinEvent.ps1

Step 3 Convert whatever Sigma rules you have to PowerShell queries.

sigma2powershell -r rules/demo.yml

Copyright

This project is licensed under the terms of the MIT license.

Name		Name	Last commit message	Last commit date
Latest commit History 86 Commits
.github/workflows		.github/workflows
rules		rules
scripts		scripts
sigma		sigma
tests		tests
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
poetry.lock		poetry.lock
poetry.toml		poetry.toml
print-coverage.py		print-coverage.py
pyproject.toml		pyproject.toml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

pySigma Powershell Backend

Usage

Copyright

About

Uh oh!

Releases

Packages

Uh oh!

Languages

License

cyberphor/pySigma-backend-powershell

Folders and files

Latest commit

History

Repository files navigation

pySigma Powershell Backend

Usage

Copyright

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages