Add Sigma Translator App v1.1.0 - Modern pySigma Implementation #433

7908837174 (Author) commented

  • Complete rewrite using modern pySigma framework instead of legacy sigmatools
  • Support for 12+ SIEM platforms (Splunk, Elasticsearch, Microsoft Sentinel, QRadar, etc.)
  • New actions: translate_sigma_rule, validate_sigma_rule, list_supported_platforms, convert_rule_file
  • Multiple output formats: default, JSON, YAML
  • Improved error handling and validation
  • Updated to use shuffle_sdk instead of walkoff_app_sdk
  • Addresses issue Shuffle#148: Create Sigma translator app

Supported platforms:

  • Splunk (SPL queries)
  • Elasticsearch (Lucene queries)
  • Microsoft Sentinel (KQL queries)
  • IBM QRadar (AQL queries)
  • LogPoint, CrowdStrike, Carbon Black, InsightIDR, Panther, OpenSearch, Loki, SQLite

This implementation provides a modern, maintainable solution for translating Sigma detection rules to various SIEM query languages, similar to uncoder.io functionality.

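To make concrete what a Sigma translator of the kind described above does, here is a small self-contained Sigma-to-Splunk SPL converter added for this page; it is not the PR's code and not pySigma. It handles the `contains`, `startswith` and `endswith` modifiers and `and`/`or`/`not` conditions only, and rejects a condition that references an undefined detection block, which is the sort of check a `validate_sigma_rule` action would perform. The rule itself is a constructed example, shown as the dict a YAML loader would return.

```python
import re
# Constructed Sigma rule, given here as the dict a YAML loader would return.
RULE = {
    "title": "Suspicious PowerShell Encoded Command",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
}
# Sigma value modifiers mapped to Splunk wildcard patterns ("" = exact match).
MODIFIERS = {"": "{v}", "contains": "*{v}*", "startswith": "{v}*", "endswith": "*{v}"}

def spl_value(value, modifier):
    """Escape a value for an SPL quoted string and apply the modifier's wildcards."""
    if modifier not in MODIFIERS:
        raise ValueError(f"unsupported Sigma modifier: {modifier}")
    escaped = str(value).replace("\\", "\\\\").replace('"', '\\"')
    return '"' + MODIFIERS[modifier].format(v=escaped) + '"'

def translate_block(block):
    """Translate one detection block to SPL; adjacent terms are implicitly ANDed."""
    terms = []
    for key, values in block.items():
        field, _, modifier = key.partition("|")
        values = values if isinstance(values, list) else [values]
        options = [f"{field}={spl_value(v, modifier)}" for v in values]
        terms.append(options[0] if len(options) == 1 else "(" + " OR ".join(options) + ")")
    return " ".join(terms)

def translate(rule):
    """Translate a Sigma rule to a Splunk SPL search, rejecting malformed rules."""
    detection = rule.get("detection") or {}
    condition = detection.get("condition")
    if not condition:
        raise ValueError("detection.condition is required")
    def expand(match):  # replace each block name or keyword in the condition
        name = match.group(0)
        if name in ("and", "or", "not"):
            return name.upper()
        if name == "condition" or name not in detection:
            raise ValueError(f"condition references unknown block: {name}")
        return "(" + translate_block(detection[name]) + ")"
    return re.sub(r"\w+", expand, condition)
```

Running `translate(RULE)` yields `(Image="*\\powershell.exe" (CommandLine="*-enc*" OR CommandLine="*-EncodedCommand*")) AND NOT (ParentImage="*\\explorer.exe")`; a real backend such as pySigma additionally maps field names per log source, which this toy skips.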
7908837174 (Author) commented

🛡️ Hi @frikky, I’d like to formally request consideration for the Octernship program through Issue #148: Sigma Translator App.

My background includes backend automation with Python, rule schema design, and integration into workflow platforms like Shuffle. I’ve explored pySigma extensively, and I’m confident in building a modular translator system tailored for cybersecurity workflows—no frontend required.

I’m excited to contribute meaningfully to this app and believe this Octernship would be a great fit for both my skill set and interest in cyber automation. I’d be grateful for the opportunity to join the program officially through this issue. 🙏

Looking forward to your feedback!

frikky (Member) commented Aug 8, 2025

If you truly understand Sigma to the point you're able to write this by hand this would be cool, but I have a significant lack of trust in it simply due to your other PRs being vibecoded bullshit. This is not necessary anymore as per our current stature.

Further, the Octernship was done years ago, and I don't think GitHub does anything like it anymore at all.

frikky closed this Aug 8, 2025

7908837174 (Author) commented Aug 8, 2025 via email
