forked from ppll0p1s/SigmaShooter
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sigmaShooter.conf
74 lines (56 loc) · 2.14 KB
/
sigmaShooter.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
#--------------------------------------------------
# SigmaShooter: Shooter of Sigma rules
# sigmaShooter.conf: Config File sigmaShooter.conf
#
# Author: ppll0p1s
# For more information:
# https://github.com/ppll0p1s/SigmaShooter
#
# Version - v0.01 - 28/03/2020
#
#--------------------------------------------------
###################################################
# This file contains a sample SigmaShooter configuration
# You should take the following steps to create your own custom configuration:
#
# 1) Set IP address and port variables and repository mode only
# 2) Set the rules path name and rules backup path name
# 3) Set log file path
# 4) Select SIEM variable and complete the values necessary to connect it
###################################################
###################################################
# Step 1): Set IP address and port variables of the server where SigmaShooter will run
###################################################
# IP address
addr=
# Port
port=
# Write "true" in repo var to run the app only as repository of Sigma rules, without SIEM functionality: e.g. repo=true
repo=
###################################################
# Step 2): Set the rules and rules backup path name variables. The rules backup path will be used to backup rules any time new set of rules be uploaded
# NOTE: Do not forget write slash at the end
###################################################
# Rules Path
rulePath=rules/
# Rules Backup Path
ruleBakPath=rulesBackup/
###################################################
# Step 3): Set log file path
###################################################
# Logs will be saved in
logDir=logs/sigmaShooter.log
###################################################
# Step 4): Uncomment and complet the SIEM variables in which you store your data to search Sigma queries
###################################################
# Graylog
# NOTE: siem value must match with sigmac options availables
siem=graylog
siemAddr=
siemPortApi=
# NOTE: write siemUrlApi ended with slash. e.g. siemUrlApi=/api/
siemUrlApi=
siemPortInput=
siemToken=
# TODO: add more SIEMs
# In v0.01 only Graylog option is available