Detailed docs about converting Sigma rules for Panther can be found here.
This is the Panther backend for pySigma. It provides the package `sigma.backends.panther` with the `PantherBackend` class.

It supports the following output formats:

- default: Panther Python Detections format
- sdyaml (`-f sdyaml`): Panther YAML Detections

To save each rule in a separate file, use the `output_dir` backend option:

```shell
sigma convert -t panther path/to/rules -p panther -O output_dir=output/directory
```

or

```shell
sigma convert -t panther -f sdyaml path/to/rules -p panther -O output_dir=output/directory
```

Further, it contains the following processing pipelines in `sigma.pipelines.panther`:

- panther_pipeline: Convert known Sigma field names into their Panther schema equivalent
The project uses poetry for dependency management, so after cloning it run `poetry install` to install all the required dependencies.

Tests can be run with:

```shell
poetry run pytest
```

And rules can be converted with:

```shell
poetry run sigma convert -t panther -f sdyaml -p panther path_to_sigma_rule.yml
```