Skip to content

DenizenB/pySigma-backend-sqlite

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.github/workflows
.github/workflows
 
 
sigma
sigma
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
poetry.lock
poetry.lock
 
 
print-coverage.py
print-coverage.py
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

Status

pySigma SQLite Backend

This is the SQLite backend for pySigma. It provides the package sigma.backends.sqlite with the SQLiteBackend class.

The backend supports the following backend options (passed with -O to sigma convert, or as keyword constructor arguments):

  • table_name: The name of the SQLite table to search in
  • reverse_indexed_fields: A list of fields that are indexed in reverse, as an optimization for endswith conditions

Further, it contains the following processing pipelines in sigma.pipelines.sqlite:

  • sqlite_pipeline: Reject rules that aren't supported by this backend

It supports the following output formats:

  • default: plain sqlite queries
  • json: rule and sqlite query as json object

This backend is currently maintained by:

SQLite User Functions

This backend generates queries containing the functions REGEXP and REV and expects them to be defined as user functions in SQLite.

Here's an example implementation in Python:

import re

def regexp(pattern, column, search=re.search, flags=re.IGNORECASE):
    return 1 if search(pattern, column, flags) else 0

db.create_function('regexp', 2, regexp, deterministic=True)

def rev(text):
    return text[::-1] if text is not None else None

db.create_function("rev", 1, rev, deterministic=True)

About

An SQLite backend for pySigma

github.com/SigmaHQ/pySigma

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Languages