{"library":"sigmatools","title":"sigma","description":"Tools for the Generic Signature Format for SIEM Systems (sigma). Current version: 0.23.1. Quarterly releases with rule updates.","language":"python","status":"active","last_verified":"Fri May 01","install":{"commands":["pip install sigmatools"],"cli":{"name":"sigma","version":"sh: 1: sigma: not found"}},"imports":["import sigma"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import sigma\nfrom sigma.backends.splunk import SplunkBackend\nfrom sigma.collection import SigmaCollection\n\nrule_source = '''\ntitle: Test Rule\nid: abcdef01-1234-5678-9abc-def012345678\nlogsource:\n  category: process_creation\n  product: windows\ndetection:\n  selection:\n    CommandLine|contains: 'test'\n  condition: selection\n'''\nrule = SigmaCollection.from_yaml(rule_source)\nbackend = SplunkBackend()\nresult = backend.convert(rule)\nprint(result)","lang":"python","description":"Convert a Sigma rule to a Splunk SPL query. Note: SigmaCollection and this SplunkBackend usage follow the pySigma API (pysigma plus pysigma-backend-splunk), which shares the top-level sigma module name with sigmatools; confirm which package is installed before relying on the output.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}