{"library":"pysigma-backend-splunk","title":"pySigma Splunk Backend","description":"Generates Splunk Search Processing Language (SPL) from Sigma rules via the pySigma library. Supports SPL and SPL2 targets, Splunk Data Models, correlation rules, and field existence expressions. Compatible with pySigma >=1.0, Python >=3.10. Current version 2.1.0, release cadence is irregular.","language":"python","status":"active","last_verified":"Fri May 01","install":{"commands":["pip install pysigma-backend-splunk"],"cli":null},"imports":["from splunk import SplunkBackend","from sigma.backends.splunk import SplunkBackend"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"from sigma.collection import SigmaCollection\nfrom sigma.backends.splunk import SplunkBackend\n\n# Parse a simple Sigma rule\nrule = SigmaCollection.from_yaml('''\ntitle: Test\nstatus: test\nlogsource:\n  category: process_creation\n  product: windows\ndetection:\n  sel:\n    Image|endswith: '\\\\cmd.exe'\n  condition: sel\n''')\n\nbackend = SplunkBackend()\nqueries = backend.convert(rule)\nfor q in queries:\n    print(q)","lang":"python","description":"Parse a Sigma rule and convert it to SPL using the Splunk backend.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}