Skip to content

Add a pipeline to collect Sigma rules #2028

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ziadhany wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Add a pipeline to collect Sigma rules #2028

ziadhany wants to merge 5 commits into from
+471 −0

Conversation

@ziadhany
Copy link
Collaborator

@ziadhany ziadhany commented Nov 24, 2025

@ziadhany ziadhany marked this pull request as ready for review November 25, 2025 20:34
@ziadhany ziadhany force-pushed the collect-sigma-rules branch from 7807171 to 99f6341 Compare December 4, 2025 00:22
@ziadhany
Add a pipeline to collect Sigma rules
f9b804a 
Signed-off-by: ziad hany <[email protected]>
@ziadhany
Rename and update DetectionRule model
7c07b0b 
Update sigma rules improver

Signed-off-by: ziad hany <[email protected]>
@ziadhany
Update sigma rule importer to store metadata
e7f78ab 
Signed-off-by: ziad hany <[email protected]>
@ziadhany
Update migration file
4362d9c 
Add a simple test for rule_text, advisory_aliases

Signed-off-by: ziad hany <[email protected]>
@ziadhany
Fix merge conflict and Update migration file
f274af1 
Signed-off-by: ziad hany <[email protected]>
@ziadhany ziadhany force-pushed the collect-sigma-rules branch from 99f6341 to f274af1 Compare December 16, 2025 13:05
@ziadhany
Copy link
Collaborator Author

ziadhany commented Dec 16, 2025
edited
Loading

@TG1999 @keshav-space This is the log for the Sigma Rules improver. Please review this PR when once you have time.

INFO 2025-12-16 15:40:59.037415 UTC Step [clone_repo] completed in 166 seconds (2.8 minutes)
INFO 2025-12-16 15:40:59.037518 UTC Step [collect_and_store_rules] starting
INFO 2025-12-16 15:40:59.292655 UTC Enhancing the vulnerability with 4,031 rule records
INFO 2025-12-16 15:41:01.504841 UTC Progress: 10% (404/4031) ETA: 20 seconds
INFO 2025-12-16 15:41:03.975950 UTC Progress: 20% (807/4031) ETA: 19 seconds
INFO 2025-12-16 15:41:06.603437 UTC Progress: 30% (1210/4031) ETA: 17 seconds
INFO 2025-12-16 15:41:09.293946 UTC Progress: 40% (1613/4031) ETA: 15 seconds
INFO 2025-12-16 15:41:11.745735 UTC Progress: 50% (2016/4031) ETA: 12 seconds
INFO 2025-12-16 15:41:14.213176 UTC Progress: 60% (2419/4031) ETA: 10 seconds
INFO 2025-12-16 15:41:17.394904 UTC Progress: 70% (2822/4031) ETA: 8 seconds
INFO 2025-12-16 15:41:19.857149 UTC Progress: 80% (3225/4031) ETA: 5 seconds
INFO 2025-12-16 15:41:20.028751 UTC AdvisoryAlias CVE-2021-42237: web_cve_2021_42237_sitecore_report_ashx.yml not found.
INFO 2025-12-16 15:41:20.035137 UTC AdvisoryAlias CVE-2021-33766: web_cve_2021_33766_msexchange_proxytoken.yml not found.
INFO 2025-12-16 15:41:20.041243 UTC AdvisoryAlias CVE-2021-22123: web_cve_2021_22123_fortinet_exploit.yml not found.
INFO 2025-12-16 15:41:20.047913 UTC AdvisoryAlias CVE-2021-22893: web_cve_2021_22893_pulse_secure_rce_exploit.yml not found.
INFO 2025-12-16 15:41:20.054596 UTC AdvisoryAlias CVE-2021-33771: registry_set_cve_2021_31979_cve_2021_33771_exploits.yml not found
....
INFO 2025-12-16 13:12:18.007779 UTC Progress: 100% (4031/4031)
INFO 2025-12-16 13:12:18.015054 UTC Step [collect_and_store_rules] completed in 24 seconds
INFO 2025-12-16 13:12:18.015150 UTC Step [clean_downloads] starting
INFO 2025-12-16 13:12:18.015199 UTC Removing cloned repository
INFO 2025-12-16 13:12:18.106305 UTC Step [clean_downloads] completed in 0 seconds
INFO 2025-12-16 13:12:18.106445 UTC Pipeline completed in 161 seconds (2.7 minutes)

Process finished with exit code 0

@pombredanne pombredanne mentioned this pull request Dec 18, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@keshav-space keshav-space Awaiting requested review from keshav-space

@TG1999 TG1999 Awaiting requested review from TG1999

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ziadhany