https://github.com/almostsouji/omega

SIEM detection format for javascript objects based on sigma logfile rules.
https://github.com/almostsouji/omega

logging monitoring security siem signatures

Last synced: 6 months ago
JSON representation

SIEM detection format for javascript objects based on sigma logfile rules.

• Host: GitHub
• URL: https://github.com/almostsouji/omega
• Owner: almostSouji
• License: mit
• Created: 2023-11-26T20:00:03.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2024-12-23T19:35:24.000Z (over 1 year ago)
• Last Synced: 2025-04-03T10:44:47.908Z (about 1 year ago)
• Topics: logging, monitoring, security, siem, signatures
• Language: TypeScript
• Homepage:
• Size: 2.56 MB
• Stars: 2
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# A SIEM detection format for JavaScript objects.

The pattern matching and rule syntax are based on [Sigma rules](https://github.com/SigmaHQ/sigma), but adapted for the analysis of javscript objects rather than logfiles.

## Why should I use this?

You probably shouldn't.

- The entire rule engine is written in TypeScript and the evaluation is very much not optimized for use at massive scale.

- This is a proof of concept for my personal use and to increase my understanding of detection flows.

However, if you are intersted in evaluating arbitrary objects against something closely resembling sigma rules, feel free to give it a shot!

- [Writing detection logic](https://github.com/almostSouji/omega/wiki/How-to-write-a-rule) is simple, yet quite powerful!

- [Rules can have rich meta data](https://github.com/almostSouji/omega/wiki/Rule-Fields), so you know what is matched and why!

- [Integreation is approachable](https://github.com/almostSouji/omega/wiki), you should be able to get this working pretty quickly!

## Contributing

Before contributing, please read through the [wiki](https://github.com/almostSouji/omega/wiki). It details almost anything there is to know. If the wiki is not specific enough, check out the [Sigma rule specification](https://sigmahq.io/sigma-specification/Sigma_specification.html), Omega is very much built around it!

Before submitting a PR, please make sure:

- The project builds `yarn build`.

- The tests run without fail `yarn test`.

- The format and lint rule are applied and respected `yarn lint`, `yarn format`

## Inspiration and simialar projects

This project closely follows the sigma rule specification and was inspired by seeing these amazing projects in action:

- https://github.com/SigmaHQ/sigma (log files)

- https://github.com/VirusTotal/yara (malware)

- https://www.snort.org/ (network traffic)

- https://github.com/phish-report/IOK (phishing kits)