Introducing sigconverter.io: The Community-Driven Sigma Translation Tool

Jose E Hernandez, magicswordio
3 min read, Aug 31, 2023

Introduction

In the ever-evolving landscape of cybersecurity, the need for effective and accessible tools has never been greater. That’s why we’ve developed sigconverter.io, a community-driven, free online Sigma translation tool designed to address the gaps in accessibility and privacy found in similar third-party services. The source code is hosted on GitHub. The tool not only aims to simplify the process of writing, validating, and sharing Sigma rules but also keeps your activities private. Offering an easy-to-use interface for Sigma rule conversion, support for multiple backends through pySigma, and continuous updates to stay in sync with pySigma, this tool is a game-changer. In this blog post, we’ll delve into why this tool is essential, how it was built, its capabilities, and what lies ahead.

Why Do We Need a Community-Run and Open Source Conversion UI? 🤔

🤝 Community-Driven, Always Free and Open Source

The power of community-driven initiatives lies in the collective expertise and passion for making things better. By keeping sigconverter.io open source and free, we ensure that it remains a tool for the community, by the community. This approach guarantees that the tool will always be up-to-date, incorporating the latest features and improvements.

🔒Privacy and Protecting Individual Data

In a world where data is the new oil, protecting individual privacy is paramount. sigconverter.io is designed with privacy as a core value. We don’t monetize user data or subject it to ongoing monitoring. Your activities on the platform remain your own, safeguarded from commercial exploitation.

🛠️ New Features and Maintenance by Researchers

The tool is not just a one-off project but a continually evolving platform. Maintained by researchers like us, it will keep incorporating new features and improvements, ensuring it remains a relevant and effective tool for the cybersecurity community.

How We Built This Converter 🏗️

Inspired by uncoder.io, sigconverter.io is built on top of pySigma and leverages Python Flask as its web server under the hood. The project is based entirely on sigmaio by Julian Ortel; special thanks to Julian for laying the groundwork. The tool is hosted as a Cloud Run project on Google Cloud, ensuring both reliability and availability. We take your privacy seriously. Rest assured, we will never collect individual user data or any personal information such as email addresses. While we plan to implement Google Analytics to understand web traffic and plan for scalability, this will not compromise your personal data in any way.

What Can It Do and What Does the Future Look Like? 🌟

Currently, sigconverter.io supports the conversion of Sigma rules to various SIEM query languages. We have big plans for the future, including rule validation, sharing capabilities, bulk rule conversion and support for even more SIEM platforms.

📣 Your Feedback Matters

We’re always looking to improve and expand the tool’s capabilities. If you have suggestions for new features or encounter any bugs, please create a GitHub issue on our repository. Your feedback is invaluable in making sigconverter.io a better tool for everyone.

How Does The Conversion Work 📝

As stated at the start, the tool leverages the latest and greatest pySigma library to convert Sigma rules into the query languages of the different backends. In practice, the app uses pySigma’s “Backend” class together with the backends and processing pipelines published in the Sigma plugin directory, all of which are made accessible through the interface.

This flexibility also means that if you have a custom or private backend, you can still make use of the app by simply installing your backend on the same system the app runs on.
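To make the pipeline/backend split concrete, here is an added, hypothetical mini-converter (not pySigma’s code and not part of sigconverter.io) that renders one constructed Sigma rule into two query dialects. `Pipeline`, `TextBackend`, `SplunkBackend`, `KustoBackend` and the 4688 field mapping are all assumed names for this illustration; the real tool delegates to pySigma’s backend and pipeline packages. The rule is a map selection plus a filter, combined with the condition `selection and not filter`.

```python
# Hypothetical mini-converter (added example, not pySigma's or the tool's code):
# a processing pipeline renames fields for a log source, a backend renders syntax.
from dataclasses import dataclass, field

# Constructed Sigma rule, written as the mapping its YAML deserialises to.
RULE = {
    "title": "Encoded PowerShell command line (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\powershell.exe",
                      "CommandLine|contains": ["-enc", "-EncodedCommand"]},
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
}

def _escape(value):
    return value.replace("\\", "\\\\").replace('"', '\\"')

def _group(parts, token):
    # Explicit parentheses around every multi-term group, so the output stays
    # correct whatever the target's precedence (SPL binds OR tighter than AND).
    return parts[0] if len(parts) == 1 else "(" + token.join(parts) + ")"

@dataclass
class Pipeline:
    """Renames Sigma's generic field names to those the log source emits."""
    field_map: dict = field(default_factory=dict)
    def map_field(self, name):
        return self.field_map.get(name, name)

class TextBackend:
    """Token-driven renderer: subclasses only supply the target syntax."""
    and_token, or_token, not_fmt = " AND ", " OR ", "NOT {}"
    term_fmt = '{f}{op}"{pre}{v}{post}"'
    modifiers = {}  # modifier name -> (operator, value prefix, value suffix)
    def __init__(self, pipeline=None):
        self.pipeline = pipeline or Pipeline()
    def render_item(self, key, value):
        # "Field|modifier": value -> one term; a list value is OR-ed together.
        name, _, modifier = key.partition("|")
        if modifier not in self.modifiers:
            raise ValueError(f"unsupported modifier {modifier!r}")
        op, pre, post = self.modifiers[modifier]
        fld = self.pipeline.map_field(name)
        values = value if isinstance(value, list) else [value]
        return _group([self.term_fmt.format(f=fld, op=op, pre=pre, v=_escape(v), post=post)
                       for v in values], self.or_token)
    def render_selection(self, sel):
        # A map selection is the AND of all its field conditions (keyword lists not supported here).
        if not isinstance(sel, dict):
            raise ValueError("only map selections are supported in this example")
        return _group([self.render_item(k, v) for k, v in sel.items()], self.and_token)
    def convert(self, rule):
        # Recursive-descent parse of the condition subset and / or / not,
        # honouring Sigma precedence (not binds tightest, then and, then or).
        det = rule["detection"]
        toks = det["condition"].split()
        query = self._parse_or(toks, det)
        if toks:
            raise ValueError(f"trailing tokens in condition: {toks}")
        return query
    def _parse_or(self, toks, det):
        parts = [self._parse_and(toks, det)]
        while toks and toks[0] == "or":
            toks.pop(0)
            parts.append(self._parse_and(toks, det))
        return _group(parts, self.or_token)
    def _parse_and(self, toks, det):
        parts = [self._parse_not(toks, det)]
        while toks and toks[0] == "and":
            toks.pop(0)
            parts.append(self._parse_not(toks, det))
        return _group(parts, self.and_token)
    def _parse_not(self, toks, det):
        tok = toks.pop(0) if toks else None
        if tok == "not":
            return self.not_fmt.format(self._parse_not(toks, det))
        if tok is None or tok == "condition" or tok not in det:
            raise ValueError(f"bad condition token {tok!r}")
        return self.render_selection(det[tok])

class SplunkBackend(TextBackend):
    """SPL-style output: implicit AND, wildcards express the modifiers."""
    and_token = " "
    modifiers = {"": ("=", "", ""), "contains": ("=", "*", "*"),
                 "startswith": ("=", "", "*"), "endswith": ("=", "*", "")}

class KustoBackend(TextBackend):
    """KQL-style output: one case-insensitive operator per modifier."""
    and_token, or_token, not_fmt = " and ", " or ", "not({})"
    modifiers = {"": (" =~ ", "", ""), "contains": (" contains ", "", ""),
                 "startswith": (" startswith ", "", ""), "endswith": (" endswith ", "", "")}

if __name__ == "__main__":
    # Assumed field mapping for Windows Security event 4688 (not a pySigma pipeline).
    ev4688 = Pipeline({"Image": "NewProcessName", "ParentImage": "ParentProcessName"})
    for b in (SplunkBackend(), SplunkBackend(ev4688), KustoBackend()):
        print(type(b).__name__, "->", b.convert(RULE))
```

Running it prints the same rule three times: SPL with Sysmon-style field names, SPL with the fields renamed by the 4688 pipeline, and KQL. The point to take away is that the backend is only a table of tokens and operators; the pipeline decides which field names appear, which is why picking the right pipeline in the UI matters as much as picking the backend. The mini-converter parenthesises every multi-term group on purpose: a query that mixes `OR` with implicit `AND` in SPL would otherwise silently change meaning, and an unsupported modifier raises instead of being dropped.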

Examples

Here are some rules that can be converted to a couple of different backends, to give you a taste of what the tool can do:

What’s Next? 🚀

The journey is just beginning. We’re excited about the roadmap for sigconverter.io and are eager for your feedback. Currently, the project is maintained by:

We’re always looking for more contributors, so if you’re interested, please join us!

Kudos to Florian Roth (GitHub), Thomas Patzke (GitHub), and the entire Sigma community for the immense value they provide by building community detections.
