{"id":22964559,"url":"https://github.com/pop-ecx/sigma-ls","last_synced_at":"2026-05-02T19:34:13.880Z","repository":{"id":267253790,"uuid":"893505185","full_name":"pop-ecx/sigma-ls","owner":"pop-ecx","description":"A minimal language server to help in writing sigma rules","archived":false,"fork":false,"pushed_at":"2025-06-05T06:27:44.000Z","size":32762,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-05T07:52:51.180Z","etag":null,"topics":["detection-engineering","language-server-protocol","lsp","neovim","sigma-rules"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pop-ecx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"Contributing.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"Security.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-11-24T16:09:20.000Z","updated_at":"2025-06-05T06:25:24.000Z","dependencies_parsed_at":"2025-01-25T14:19:47.339Z","dependency_job_id":"10ad7387-492e-4e21-a7fb-ef610447109d","html_url":"https://github.com/pop-ecx/sigma-ls","commit_stats":null,"previous_names":["pop-ecx/sigma-ls"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/pop-ecx/sigma-ls","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pop-ecx%2Fsigma-ls","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pop-ecx%2Fsigma-ls/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pop-ecx%2F
sigma-ls/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pop-ecx%2Fsigma-ls/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pop-ecx","download_url":"https://codeload.github.com/pop-ecx/sigma-ls/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pop-ecx%2Fsigma-ls/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32547650,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-02T19:18:06.202Z","status":"ssl_error","status_checked_at":"2026-05-02T19:16:21.335Z","response_time":132,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["detection-engineering","language-server-protocol","lsp","neovim","sigma-rules"],"created_at":"2024-12-14T20:11:13.380Z","updated_at":"2026-05-02T19:34:13.875Z","avatar_url":"https://github.com/pop-ecx.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![License: Apache2.0](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/apache-2-0) \n![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/pop-ecx/sigma-ls/ci.yml)\n[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/pop-ecx/sigma-ls)\n\n## Sigma Language 
Server\n\n[Sigma](https://sigmahq.io/docs/guide/getting-started.html)\n\nA small language server to assist in writing Sigma rules.\n\nSigma rules are YAML files that contain info to detect malicious behavior when inspecting log files in various SIEMs.\n\nI have been writing a lot of these rules lately and I use neovim (btw), so I wanted to make it easy for myself. It may be useful to y'all.\n\nThe LS provides features such as diagnostics and completion. I've also created a little plugin for compiling with sigmac from within neovim itself.\nNo need to leave your beloved editor when writing sigma rules. You can get the conversion plugin [here](https://github.com/pop-ecx/sigma_picker.nvim) \n\n\n## How it feels\nReal-time diagnostics are provided as you write your Sigma rules\n![diagnostics](sigma.gif)\n\n## Supported features\n\n`textDocument/codeAction`\n\n`textDocument/formatting` (experimental)\n\n`textDocument/hover`\n\n`textDocument/documentSymbol`\n\n## Installation instructions\n- Git clone the repo\n- cd into the repo\n- Run `poetry install`\n- Connect to the LSP in Neovim by adding this to your init.lua file\n```lua\nvim.api.nvim_create_autocmd('FileType', {\n  pattern = 'yaml',\n  callback = function (args)\n    vim.lsp.start({\n      name = 'Sigma_ls',\n      cmd = {\"\u003cpoetry env info path\u003e/bin/python\", \"/path/to/repo/main.py\"},\n    })\n  end,\n})\n```\n\u003e Ensure you have poetry in your system\n\n## Extra capability\nIt is now possible to search for tags by simply typing\n\n![search for tags](mitre.gif)\n\n```lua\nSearchMitre \u003ckeyword\u003e\n```\n\nTo get this capability simply add this to your init.lua:\n```lua\nvim.api.nvim_create_user_command(\"SearchMitre\", function(opts)\n    local keyword = opts.args\n    vim.lsp.buf_request(0, \"sigma/searchMitre\", { keyword = keyword }, function(err, result)\n        if err then\n            vim.notify(\"Error: \" .. 
err.message, vim.log.levels.ERROR)\n        elseif type(result) ~= \"table\" then\n            vim.notify(\"Unexpected response format from LSP server.\", vim.log.levels.ERROR)\n        elseif result.error then\n            vim.notify(\"Error: \" .. result.error, vim.log.levels.WARN)\n        elseif result.matches then\n            if #result.matches \u003e 0 then\n                local formatted_results = {}\n                for _, match in ipairs(result.matches) do\n                    table.insert(formatted_results, match.tag .. \": \" .. match.description)\n                end\n                vim.notify(\"MITRE ATT\u0026CK Matches:\\n\" .. table.concat(formatted_results, \"\\n\"), vim.log.levels.INFO)\n            else\n                vim.notify(\"No matches found.\", vim.log.levels.WARN)\n            end\n        else\n            vim.notify(\"Unexpected result structure from LSP server.\", vim.log.levels.ERROR)\n        end\n    end)\nend, { nargs = 1 })\n```\n\n## Hover capability\nHover over MITRE tags to get more info. You can set a keymap like so\n\n```lua\nvim.keymap.set('n', 'K', vim.lsp.buf.hover, {})\n```\n\n## Document symbols\nYou can get document symbols. Set a keymap like so \n\n```lua\nvim.keymap.set('n', '\u003cleader\u003eDS', ':Telescope lsp_document_symbols\u003cCR\u003e', {noremap=true, silent=true})\n```\n\nOr just run this directly in command mode:\n\n```lua\nlua vim.lsp.buf.document_symbol()\n```\n\n## Install in dev mode\nrun\n\n```bash\npoetry install\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpop-ecx%2Fsigma-ls","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpop-ecx%2Fsigma-ls","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpop-ecx%2Fsigma-ls/lists"}