pySigma PowerShell Backend

The pySigma PowerShell backend uses pySigma to convert Sigma rules into PowerShell queries. It was designed to be used in conjunction with the Soap PowerShell module (i.e., the Read-WinEvent function).

Overview

The pySigma PowerShell backend includes two Python packages:

sigma.pipelines.powershell: normalizes Sigma rules for PowerShell.
sigma.backends.powershell: declares the PowerShellBackend class and multiple output methods.

It currently supports the following output formats:

Usage

poetry run python sigma2powershell.py -p rules/

Testing

python -m pip install --user pytest
python -m pytest                                                                  # test all functions
python -m pytest tests/test_backend_powershell.py::test_powershell_and_expression # test a specific function

Updating to the Latest Version of pySigma

python -m poetry add pysigma@latest

References

Understanding XML and XPath by the Microsoft Scripting Guy, Ed Wilson

Name		Name	Last commit message	Last commit date
Latest commit History 82 Commits
.github/workflows		.github/workflows
rules		rules
sigma		sigma
tests		tests
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
get_dataset.py		get_dataset.py
get_sigma_rules.py		get_sigma_rules.py
poetry.lock		poetry.lock
print-coverage.py		print-coverage.py
pyproject.toml		pyproject.toml
sigma2powershell.py		sigma2powershell.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

pySigma PowerShell Backend

Overview

Usage

Testing

Updating to the Latest Version of pySigma

References

About

Releases

Packages

Languages

License

cyberphor/pySigma-backend-powershell

Folders and files

Latest commit

History

Repository files navigation

pySigma PowerShell Backend

Overview

Usage

Testing

Updating to the Latest Version of pySigma

References

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages