pySigma Splunk Backend

This is the Splunk backend for pySigma. It provides the package sigma.backends.splunk with the SplunkBackend class. Further, it contains the following processing pipelines in sigma.pipelines.splunk:

splunk_windows_pipeline: Splunk Windows log support
splunk_windows_sysmon_acceleration_keywords: Adds fiels name keyword search terms to generated query to accelerate search.

It supports the following output formats:

default: plain Splunk queries
savedsearches: Splunk savedsearches.conf format.

This backend is currently maintained by:

Thomas Patzke

Name	Name	Last commit message	Last commit date
Latest commit thomaspatzke Release 1.1.3 Jan 23, 2025 15218df · Jan 23, 2025 History 125 Commits
.github	.github	Updates Python versions	Nov 29, 2024
sigma	sigma	Field (non)existence check expression	Jan 23, 2025
tests	tests	Field (non)existence check expression	Jan 23, 2025
.git-blame-ignore-revs	.git-blame-ignore-revs	Ignore reformatting commit	Jan 29, 2024
.gitignore	.gitignore	splunk data model support	Apr 11, 2022
.pre-commit-config.yaml	.pre-commit-config.yaml	build: 📦 Update dependencies version	Jan 28, 2024
LICENSE	LICENSE	Initial version	Feb 12, 2022
README.md	README.md	Added Windows processing pipelines	Mar 21, 2022
conftest.py	conftest.py	splunk data model support	Apr 11, 2022
poetry.lock	poetry.lock	Release 1.1.3	Jan 23, 2025
print-coverage.py	print-coverage.py	Update poetry	Dec 13, 2023
pyproject.toml	pyproject.toml	Release 1.1.3	Jan 23, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

pySigma Splunk Backend

About

Releases 21

Sponsor this project

Packages

Contributors 9

Languages

License

SigmaHQ/pySigma-backend-splunk

Folders and files

Latest commit

History

Repository files navigation

pySigma Splunk Backend

About

Resources

License

Stars

Watchers

Forks

Releases 21

Sponsor this project

Packages 0

Contributors 9

Languages

Packages