Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/cybercentrecanada/assemblyline-service-sigma

Assemblyline 4 Sigma service for Windows Event Log scanning
https://github.com/cybercentrecanada/assemblyline-service-sigma

assemblyline malware-analysis sigma

Last synced: about 2 months ago
JSON representation

Assemblyline 4 Sigma service for Windows Event Log scanning

Host: GitHub
URL: https://github.com/cybercentrecanada/assemblyline-service-sigma
Owner: CybercentreCanada
Created: 2020-12-07T16:26:57.000Z (about 4 years ago)
Default Branch: master
Last Pushed: 2024-10-23T15:36:00.000Z (2 months ago)
Last Synced: 2024-10-23T20:46:24.406Z (2 months ago)
Topics: assemblyline, malware-analysis, sigma
Language: Python
Homepage: https://cybercentrecanada.github.io/assemblyline4_docs/
Size: 177 KB
Stars: 1
Watchers: 1
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Sigma Service

This assemblyline service automates detection of Windows Sysmon Event logs that indicate malicious behavior.

### How does it work?
This service utilizes our pysigma library https://github.com/CybercentreCanada/pysigma to check Windows Sysmon Event logs against a Sigma ruleset.
The sigma rules are found from a list of sources defined in the service_manifest.yml. Currently all the rules used in the service are found from https://github.com/SigmaHQ/sigma/tree/master/rules/windows

**NOTE**: This service does not require you to buy any licence and is preinstalled and
working after a default installation