Unofficial pySigma Yaml pipeline
This repository is not affiliated with SigmaHQ or pySigma.
This is an open library of pySigma processing pipelines in YAML format. You can use them, improve them, or add new ones.
- elastalert_any from https://x.com/frack113/status/1697904485031399431
- ecs_1_winlogbeat: ECS 1.xx winlogbeat field mapping
- ecs_1_filebeat: ECS 1.xx filebeat field mapping (auditd module only)
- ecs_1_casesensitive: uses a regex to make searches case-insensitive
- placerholder: from the SigmaHQ blog
- processing: from the SigmaHQ blog
- field_mapping: from the SigmaHQ blog
- splunk-savedsearches-concat: from the SigmaHQ blog
- splunk-savedsearches-template: from the SigmaHQ blog
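As an added illustration that is not one of the files in this repository, the following is a constructed pySigma processing pipeline in the YAML format these files use. It shows the kind of ECS 1.xx winlogbeat field mapping listed above, restricted to Windows rules, with a fallback prefix for fields the mapping does not cover (the pipeline name, item ids and the specific field pairs are assumptions for the example):

```yaml
# Constructed example of a pySigma processing pipeline (not a file from this repository).
name: ecs_1_winlogbeat_example
priority: 20
transformations:
  # Translate Sigma's Windows field names into the ECS 1.xx names
  # that winlogbeat writes. Applied only to rules whose logsource
  # has product: windows, so rules for other products are untouched.
  - id: ecs_windows_field_mapping
    type: field_name_mapping
    mapping:
      EventID: event.code
      Image: process.executable
      CommandLine: process.command_line
      ParentImage: process.parent.executable
      ParentCommandLine: process.parent.command_line
      User: user.name
      Computer: winlog.computer_name
    rule_conditions:
      - type: logsource
        product: windows
  # Any Windows field the mapping above did not translate is still
  # stored under winlog.event_data.* in winlogbeat's ECS 1.xx documents,
  # so prefix it. The negated condition skips fields already mapped.
  - id: ecs_windows_event_data_prefix
    type: field_name_prefix
    prefix: "winlog.event_data."
    rule_conditions:
      - type: logsource
        product: windows
    field_name_conditions:
      - type: processing_item_applied
        processing_item_id: ecs_windows_field_mapping
    field_name_condition_negation: true
```

Such a file can be passed to sigma-cli with `-p` (for example `sigma convert -t elasticsearch -p ecs_1_winlogbeat_example.yml rule.yml`) or loaded in Python with `ProcessingPipeline.from_yaml()`.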