{"id":18798747,"url":"https://github.com/f5networks/aip-to-sigma","last_synced_at":"2026-02-16T02:10:13.231Z","repository":{"id":217727660,"uuid":"676277381","full_name":"F5Networks/aip-to-sigma","owner":"F5Networks","description":"AIP Rules Converted To The Sigma Format","archived":false,"fork":false,"pushed_at":"2024-05-31T19:27:41.000Z","size":259,"stargazers_count":7,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-21T19:53:35.227Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/F5Networks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-08-08T20:51:08.000Z","updated_at":"2024-05-31T19:27:46.000Z","dependencies_parsed_at":null,"dependency_job_id":"750c551b-f7d8-48a1-95cc-1544985709a3","html_url":"https://github.com/F5Networks/aip-to-sigma","commit_stats":null,"previous_names":["f5networks/aip-to-sigma"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/F5Networks/aip-to-sigma","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/F5Networks%2Faip-to-sigma","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/F5Networks%2Faip-to-sigma/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/F5Networks%2Faip-to-sigma/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/F5Networks%2Faip-to-sigma/manifests","owner_url":
"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/F5Networks","download_url":"https://codeload.github.com/F5Networks/aip-to-sigma/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/F5Networks%2Faip-to-sigma/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001303,"owners_count":26083058,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T22:12:51.860Z","updated_at":"2025-10-09T11:39:22.665Z","avatar_url":"https://github.com/F5Networks.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# AIP To Sigma\n\n## Description\nThis project contains rules from F5 Distributed Cloud App Infrastructure Protection (AIP) in the [Sigma](https://sigmahq.io/) format. Sigma is a \"Generic Signature Format for SIEM Systems\" and could best be summed up as \"Sigma is for log files what Snort is for network traffic and YARA is for files\". \n\nSince AIP reached End-Of-Sale in June 2023 and will reach End-Of-Life in June 2024, the AIP Detection Engineering Team decided to create Sigma versions of as many of our rules as possible so customers can take advantage of our rules in other products after June 2024. 
If any changes are made to existing rules in the AIP product or if new rules are created those changes will be pushed to this project shortly after. \n\nThese rules are provided \"as is\" though every effort has been made to make them align as closely as possible with the AIP version of the rule. Field names have been changed to align with the [Sigma specification](https://github.com/SigmaHQ/sigma-specification) and not every AIP rule will have a Sigma version. There is likely going to be overlap with the base Sigma rules. \n\n## Usage\nRules can be converted into queries using the following tools:\n- The [Sigma CLI](https://github.com/SigmaHQ/sigma-cli)\n- [Uncoder.IO](https://uncoder.io/) (Community Edition of UncoderAI requires registration with work e-mail)\n- [sigconverter.io](https://sigconverter.io/)\n- If the Sigma CLI or Uncoder do not support your target query language it may be supported in [Sigma Legacy](https://github.com/SigmaHQ/legacy-sigmatools) tooling\n- If you want to customize a rule and prefer a GUI to a text editor you can utilize the [SigmaHQ Rule Creation GUI](https://sigmahq.streamlit.app/)\n\nIf you would like to look up the AIP version of a rule the `id` field matches up with the Rule ID in the AIP platform if you are subscribed to Managed Rules. \n\n## Support\nWhile each rule has been run through the [Sigma CLI](https://github.com/SigmaHQ/sigma-cli) in order to check for syntax errors please open up an Issue if you discover a syntax error. \n\nIf you are an AIP customer and have any questions about this project please reach out to your PSE or the AIP SOC.\n\n## Coverage and Roadmap\nAs of December 18th, 2023 we have converted 82% of the rules in the AIP Platform with 298 out of 363 converted. Of the remaining 65 rules: 45 cannot be converted, 4 are covered by other rules, and 16 require additional work. Updates will be made to the repo as we complete work on the remaining 16 rules. 
\n\n## Contributing\nAt this time we are not accepting pull requests. \n\n## Maintainers\n[\u003cimg alt=\"Ethan Hansen\" src=\"https://avatars.githubusercontent.com/u/140435226\" width=\"80\"/\u003e](https://github.com/f5-ehansen) [\u003cimg alt=\"Levi Smith\" src=\"https://avatars.githubusercontent.com/u/141268759\" width=\"80\"/\u003e](https://github.com/lsmith8) [\u003cimg alt=\"Bria Atchley\" src=\"https://avatars.githubusercontent.com/u/140658380\" width=\"80\"/\u003e](https://github.com/briaaatchley)\n\n## Acknowledgments\nThe original Sigma project was developed by Florian Roth and Thomas Patzke.\n\n## License\nThe content of this repository is released under the following licenses:\n\n* The [Sigma Specification](https://github.com/SigmaHQ/sigma-specification) and the Sigma logo are public domain\n* The rules contained in the [SigmaHQ repository](https://github.com/SigmaHQ) are released under the [Detection Rule License (DRL) 1.1](https://github.com/SigmaHQ/Detection-Rule-License)\n\nCopies of these licenses are included in this repo.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ff5networks%2Faip-to-sigma","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ff5networks%2Faip-to-sigma","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ff5networks%2Faip-to-sigma/lists"}