Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial Sigma support #1028

Merged
merged 16 commits into from
Jan 17, 2020
Merged

Initial Sigma support #1028

merged 16 commits into from
Jan 17, 2020

Conversation

Onager
Copy link
Contributor

@Onager Onager commented Nov 13, 2019

Initial work for Sigma integration.

Adding more mappings would be ongoing work, to make analyzer compatible with different rulesets. I can add more tests in a follow up PR, once some of the analyzer testing code is complete/merged.

@Onager
Initial work on Sigma support
b21e526
@Onager
Initial work on Sigma support
af991e7
@Onager
WIP
6226991
@Onager
Initial work on Sigma support
7b6aa24
@Onager
Merge branch 'sigma' of https://github.com/Onager/timesketch into sigma
c6ae4e7 
� Conflicts:
�	timesketch/lib/analyzers/__init__.py
�	timesketch/lib/analyzers/sigma_tagger.py
�	timesketch/lib/analyzers/sigma_tagger_test.py
@Onager
Initial work on Sigma support
602128d
@Onager Onager requested a review from berggren November 13, 2019 13:39
berggren
berggren requested changes Nov 13, 2019
View reviewed changes
Copy link
Contributor

@berggren berggren left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, a couple of questions

timesketch/lib/analyzers/sigma_tagger.py Outdated Show resolved Hide resolved
timesketch/lib/analyzers/sigma_tagger.py Outdated Show resolved Hide resolved
@Onager Onager requested a review from berggren November 29, 2019 10:55
@berggren berggren mentioned this pull request Jan 8, 2020
Closed
berggren
berggren previously approved these changes Jan 8, 2020
View reviewed changes
Copy link
Contributor

@berggren berggren left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

berggren
berggren previously approved these changes Jan 10, 2020
View reviewed changes
@berggren
Copy link
Contributor

@Onager Seeing that sigmatools is py3 only, it fails (naturally) when run on py2. Until we remove py2 support we need to check for this in the tests, and also not register the analyzer if run on py2.

When this is fixed this one is ready to merge.

@berggren
Copy link
Contributor

This is a good oppurtunity to sunset py2 support. I'll do that in another PR before merging this one.

@berggren berggren merged commit 0c6c4b6 into google:master Jan 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@berggren berggren berggren approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Onager @berggren