https://github.com/almostsouji/omega
SIEM detection format for javascript objects based on sigma logfile rules.
- Host: GitHub
- URL: https://github.com/almostsouji/omega
- Owner: almostSouji
- License: mit
- Created: 2023-11-26T20:00:03.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-12-23T19:35:24.000Z (over 1 year ago)
- Last Synced: 2025-04-03T10:44:47.908Z (about 1 year ago)
- Topics: logging, monitoring, security, siem, signatures
- Language: TypeScript
- Homepage:
- Size: 2.56 MB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# A SIEM detection format for JavaScript objects.
The pattern matching and rule syntax are based on [Sigma rules](https://github.com/SigmaHQ/sigma), but adapted for the analysis of JavaScript objects rather than log files.
## Why should I use this?
You probably shouldn't.
- The entire rule engine is written in TypeScript and the evaluation is very much not optimized for use at massive scale.
- This is a proof of concept for my personal use and to increase my understanding of detection flows.
However, if you are interested in evaluating arbitrary objects against something closely resembling Sigma rules, feel free to give it a shot!
- [Writing detection logic](https://github.com/almostSouji/omega/wiki/How-to-write-a-rule) is simple, yet quite powerful!
- [Rules can have rich meta data](https://github.com/almostSouji/omega/wiki/Rule-Fields), so you know what is matched and why!
- [Integration is approachable](https://github.com/almostSouji/omega/wiki), you should be able to get this working pretty quickly!
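To make the idea concrete, here is an added example of a minimal Sigma-style matcher for JavaScript objects. It is not Omega's own code or API; the rule shape follows the public Sigma specification (named selections under `detection`, a `condition` string, `field|modifier` keys), while the function names (`evaluateRule`, `detect`, …), the dotted-path field addressing, the sample rule and the sample events are assumptions made for this example.

```typescript
// Added example, not Omega's own code or API: a minimal Sigma-style detection
// engine for JavaScript objects. Rule shape follows the public Sigma spec
// (named selections under `detection`, a `condition` string, field modifiers
// such as `contains`/`startswith`/`endswith`/`re`/`all`). The function names,
// the sample rule and the sample events are assumptions made for this example.

type Primitive = string | number | boolean | null;
type Selection = Record<string, Primitive | Primitive[]>;

interface Rule {
  title: string;
  level?: string;
  detection: { condition: string } & Record<string, Selection | string>;
}

// Resolve a dotted path such as "process.name" against a nested object.
function getField(obj: unknown, path: string): unknown {
  return path.split(".").reduce<unknown>(
    (cur, key) => (cur !== null && typeof cur === "object" ? (cur as Record<string, unknown>)[key] : undefined),
    obj,
  );
}

// Compare one field value against one expected value under the given modifiers.
// Plain string comparison is case-insensitive, as in Sigma; `null` matches a missing field.
function matchValue(actual: unknown, expected: Primitive, modifiers: string[]): boolean {
  if (expected === null) return actual === undefined || actual === null;
  if (actual === undefined) return false;
  const a = String(actual).toLowerCase();
  const e = String(expected).toLowerCase();
  for (const m of modifiers) {
    // Only the first modifier is honoured; modifier chaining is not modelled here.
    switch (m) {
      case "contains": return a.includes(e);
      case "startswith": return a.startsWith(e);
      case "endswith": return a.endsWith(e);
      case "re": return new RegExp(String(expected)).test(String(actual));
      default: throw new Error(`unsupported modifier: ${m}`);
    }
  }
  return typeof actual === "string" || typeof expected === "string" ? a === e : actual === expected;
}

// A selection maps "field|modifier" keys to values. All keys must match (AND);
// a list of values matches if any value matches (OR), or every value when `all` is set.
function matchSelection(event: unknown, selection: Selection): boolean {
  return Object.entries(selection).every(([key, expected]) => {
    const [field, ...mods] = key.split("|");
    const modifiers = mods.filter((m) => m !== "all");
    const actual = getField(event, field);
    const values = Array.isArray(expected) ? expected : [expected];
    const hits = values.map((v) => matchValue(actual, v, modifiers));
    return mods.includes("all") ? hits.every(Boolean) : hits.some(Boolean);
  });
}

// Evaluate a Sigma condition ("a and not b", "1 of sel*", "all of them", parentheses)
// with a small recursive-descent parser over the per-selection match results.
function evaluateCondition(condition: string, results: Record<string, boolean>): boolean {
  const tokens: string[] = condition.match(/\(|\)|[^\s()]+/g) ?? [];
  let pos = 0;
  const peek = (): string | undefined => tokens[pos];
  const next = (): string => {
    const t = tokens[pos++];
    if (t === undefined) throw new Error("unexpected end of condition");
    return t;
  };
  const quantified = (quant: string, pattern: string): boolean => {
    const re = new RegExp("^" + pattern.replace(/\*/g, ".*") + "$");
    const names = Object.keys(results).filter((n) => pattern === "them" || re.test(n));
    return quant === "all" ? names.every((n) => results[n]) : names.some((n) => results[n]);
  };
  const atom = (): boolean => {
    const t = next();
    if (t === "(") { const v = orExpr(); if (next() !== ")") throw new Error("expected )"); return v; }
    if (t === "not") return !atom();
    if ((t === "1" || t === "all") && peek() === "of") { next(); return quantified(t, next()); }
    if (!(t in results)) throw new Error(`unknown selection: ${t}`);
    return results[t];
  };
  // `and` binds tighter than `or`; atom() is always evaluated first so every token is consumed.
  const andExpr = (): boolean => { let v = atom(); while (peek() === "and") { next(); v = atom() && v; } return v; };
  const orExpr = (): boolean => { let v = andExpr(); while (peek() === "or") { next(); v = andExpr() || v; } return v; };
  const result = orExpr();
  if (pos !== tokens.length) throw new Error(`unexpected token: ${tokens[pos]}`);
  return result;
}

function evaluateRule(rule: Rule, event: unknown): boolean {
  const { condition, ...selections } = rule.detection;
  const results: Record<string, boolean> = {};
  for (const [name, sel] of Object.entries(selections)) {
    if (typeof sel !== "string") results[name] = matchSelection(event, sel);
  }
  return evaluateCondition(condition, results);
}

// Indices of the events that trigger the rule.
function detect(rule: Rule, events: unknown[]): number[] {
  return events.map((e, i) => (evaluateRule(rule, e) ? i : -1)).filter((i) => i >= 0);
}

// Constructed sample rule and events (assumed shapes, not real telemetry).
const suspiciousPowerShell: Rule = {
  title: "Encoded PowerShell launched from an Office application",
  level: "high",
  detection: {
    process: { "process.name|endswith": ["powershell.exe", "pwsh.exe"] },
    encoded: { "process.commandLine|contains": ["-enc", "-EncodedCommand"] },
    office_parent: { "parent.name": ["winword.exe", "excel.exe", "outlook.exe"] },
    filter_service_account: { "user.name|startswith": "svc_" },
    condition: "process and encoded and office_parent and not filter_service_account",
  },
};

const sampleEvents = [
  { process: { name: "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", commandLine: "powershell.exe -nop -w hidden -enc SQBFAFgA" }, parent: { name: "WINWORD.EXE" }, user: { name: "alice" } },
  { process: { name: "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", commandLine: "powershell.exe -nop -w hidden -enc SQBFAFgA" }, parent: { name: "WINWORD.EXE" }, user: { name: "svc_backup" } },
  { process: { name: "C:\\Program Files\\PowerShell\\7\\pwsh.exe", commandLine: "pwsh.exe -File C:\\scripts\\backup.ps1" }, parent: { name: "explorer.exe" }, user: { name: "bob" } },
];

console.log(detect(suspiciousPowerShell, sampleEvents)); // [ 0 ]
```

Two details matter for a detection engine over objects rather than log lines: the matcher compares typed values (a numeric `pid: 4` stays a number, and `null` means "field absent" as in Sigma), and the `not filter_…` selection in the condition is the usual way to express an allow-list, here suppressing a service account that legitimately runs encoded commands. Selection names are case-sensitive identifiers; string comparisons are case-insensitive except under the `re` modifier.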
## Contributing
Before contributing, please read through the [wiki](https://github.com/almostSouji/omega/wiki). It details almost anything there is to know. If the wiki is not specific enough, check out the [Sigma rule specification](https://sigmahq.io/sigma-specification/Sigma_specification.html), Omega is very much built around it!
Before submitting a PR, please make sure:
- The project builds `yarn build`.
- The tests run without fail `yarn test`.
- Formatting and lint rules are applied and pass: `yarn format`, `yarn lint`.
## Inspiration and similar projects
This project closely follows the Sigma rule specification and was inspired by seeing these amazing projects in action:
- https://github.com/SigmaHQ/sigma (log files)
- https://github.com/VirusTotal/yara (malware)
- https://www.snort.org/ (network traffic)
- https://github.com/phish-report/IOK (phishing kits)