Python Sigma 0.1.0 documentation
Index
A
action (sigma.schema.BaseCorrelation attribute)
(sigma.schema.IncludeSchema attribute)
actions (sigma.serializer.elastic.ElasticSecurityRule.Schema attribute)
AddTags (class in sigma.transform)
AddTags.Schema (class in sigma.transform)
AddTags.Schema.Config (class in sigma.transform)
aliased_group() (in module sigma.cli)
and_format (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
apply_rule_transform() (sigma.serializer.Serializer method)
args (sigma.grammar.CoreExpression attribute)
(sigma.grammar.Identifier attribute)
(sigma.grammar.Selector attribute)
Attack (class in sigma.mitre)
ATTACK_SINGLETON (sigma.mitre.Attack attribute)
ATTACK_URLS (sigma.mitre.Attack attribute)
author (sigma.schema.Rule attribute)
B
base (sigma.serializer.CommonSerializerSchema attribute)
base64_modifier() (in module sigma.grammar)
Base64FieldEquality (class in sigma.grammar)
base64offset_modifier() (in module sigma.grammar)
BaseCorrelation (class in sigma.schema)
bcc (sigma.serializer.elastic.ElasticSecurityEmailAction attribute)
body (sigma.serializer.elastic.ElasticSecurityWebhookAction attribute)
bool_false (sigma.serializer.TextQuerySerializer.Schema attribute)
bool_true (sigma.serializer.TextQuerySerializer.Schema attribute)
build_expression() (sigma.schema.RuleDetectionFields method)
(sigma.schema.RuleDetectionList method)
build_grammar_parser() (in module sigma.grammar)
build_key_value_expression() (in module sigma.grammar)
C
category (sigma.schema.RuleLogSource attribute)
(sigma.serializer.LogSourceMatch attribute)
cc (sigma.serializer.elastic.ElasticSecurityEmailAction attribute)
clazz (sigma.serializer.elastic.ElasticSecurityPagerDutyAction attribute)
column (sigma.errors.ConditionSyntaxError property)
command() (sigma.cli.FuzzyAliasedGroup method)
CommandWithVerbosity (class in sigma.cli)
CommonSerializerSchema (class in sigma.serializer)
CommonSerializerSchema.Config (class in sigma.serializer)
compare() (sigma.serializer.LogSourceMatch method)
component (sigma.serializer.elastic.ElasticSecurityPagerDutyAction attribute)
condition (sigma.grammar.Selector property)
(sigma.schema.CountCorrelation attribute)
(sigma.schema.RuleDetection attribute)
conditions (sigma.serializer.LogSourceMatch attribute)
ConditionSyntaxError
CONTAINS (sigma.transform.ExpressionType attribute)
ContainsToMatch (class in sigma.transform)
copy_schema() (sigma.util.CopyableSchema class method)
CopyableSchema (class in sigma.util)
CoreExpression (class in sigma.grammar)
Correlation (class in sigma.schema)
CorrelationGreaterThan (class in sigma.schema)
CorrelationGreaterThanEqual (class in sigma.schema)
CorrelationLessThan (class in sigma.schema)
CorrelationLessThanEqual (class in sigma.schema)
CorrelationRange (class in sigma.schema)
CorrelationSimpleCondition (class in sigma.schema)
CorrelationType (class in sigma.schema)
CountCorrelation (class in sigma.schema)
CRITICAL (sigma.schema.RuleLevel attribute)
D
date (sigma.schema.Rule attribute)
dedup_key (sigma.serializer.elastic.ElasticSecurityPagerDutyAction attribute)
DEFAULT_FORMAT (sigma.serializer.elastic.ElasticSecurityRule attribute)
(sigma.serializer.Serializer attribute)
defaultindex (sigma.serializer.LogSourceRules attribute)
definition (sigma.schema.RuleLogSource attribute)
DEPRECATED (sigma.schema.RuleStatus attribute)
DERIVED (sigma.schema.RuleRelationType attribute)
description (sigma.schema.Rule attribute)
(sigma.serializer.CommonSerializerSchema attribute)
detection (sigma.schema.Rule attribute)
download() (sigma.mitre.Attack class method)
dumps() (sigma.serializer.elastic.ElasticSecurityRule method)
(sigma.serializer.Serializer method)
(sigma.serializer.TextQuerySerializer method)
DuplicateRuleNameError
E
ElasticSecurityActionType (class in sigma.serializer.elastic)
ElasticSecurityBaseAction (class in sigma.serializer.elastic)
ElasticSecurityBaseAction.Config (class in sigma.serializer.elastic)
ElasticSecurityEmailAction (class in sigma.serializer.elastic)
ElasticSecurityEmailAction.Config (class in sigma.serializer.elastic)
ElasticSecurityPagerDutyAction (class in sigma.serializer.elastic)
ElasticSecurityPagerDutyAction.Config (class in sigma.serializer.elastic)
ElasticSecurityRule (class in sigma.serializer.elastic)
ElasticSecurityRule.Schema (class in sigma.serializer.elastic)
ElasticSecurityRule.Schema.Config (class in sigma.serializer.elastic)
ElasticSecuritySlackAction (class in sigma.serializer.elastic)
ElasticSecuritySlackAction.Config (class in sigma.serializer.elastic)
ElasticSecurityWebhookAction (class in sigma.serializer.elastic)
ElasticSecurityWebhookAction.Config (class in sigma.serializer.elastic)
EMAIL (sigma.serializer.elastic.ElasticSecurityActionType attribute)
enable_rule (sigma.serializer.elastic.ElasticSecurityRule.Schema attribute)
ENDSWITH (sigma.transform.ExpressionType attribute)
enumerate_builtin() (sigma.transform.Transformation class method)
eql (sigma.serializer.elastic.ElasticSecurityRule property)
escape (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
escaped_characters (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
event_action (sigma.serializer.elastic.ElasticSecurityPagerDutyAction attribute)
EVENT_COUNT (sigma.schema.CorrelationType attribute)
EventQueryLanguage (class in sigma.serializer.elastic)
EventQueryLanguage.Schema (class in sigma.serializer.elastic)
EventQueryLanguage.Schema.Config (class in sigma.serializer.elastic)
EXPERIMENTAL (sigma.schema.RuleStatus attribute)
Expression (class in sigma.grammar)
expression (sigma.schema.RuleDetection property)
(sigma.transform.FieldMatchReplace.Schema attribute)
ExpressionType (class in sigma.transform)
extra (sigma.schema.Rule.Config attribute)
(sigma.schema.RuleDetection.Config attribute)
(sigma.schema.RuleLogSource.Config attribute)
(sigma.serializer.elastic.ElasticSecurityRule.Schema.Config attribute)
(sigma.transform.AddTags.Schema.Config attribute)
(sigma.transform.FieldFuzzyMap.Schema.Config attribute)
(sigma.transform.FieldMap.Schema.Config attribute)
(sigma.transform.FieldMatchReplace.Schema.Config attribute)
(sigma.transform.Transformation.Schema.Config attribute)
F
falsepositives (sigma.schema.Rule attribute)
field (sigma.grammar.FieldComparison attribute)
(sigma.grammar.FieldEquality attribute)
(sigma.grammar.FieldLike attribute)
(sigma.transform.FieldMatchReplace.Schema attribute)
field_contains (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
field_endswith (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
field_equality (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
field_like (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
field_lookup (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
field_lookup_regex (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
field_match (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
field_not_empty (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
field_regex (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
field_startswith (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
FieldComparison (class in sigma.grammar)
FieldContains (class in sigma.grammar)
FieldEndsWith (class in sigma.grammar)
FieldEquality (class in sigma.grammar)
FieldFuzzyMap (class in sigma.transform)
FieldFuzzyMap.Schema (class in sigma.transform)
FieldFuzzyMap.Schema.Config (class in sigma.transform)
FieldLike (class in sigma.grammar)
FieldLookup (class in sigma.grammar)
FieldLookupRegex (class in sigma.grammar)
FieldMap (class in sigma.transform)
FieldMap.Schema (class in sigma.transform)
FieldMap.Schema.Config (class in sigma.transform)
FieldMatchReplace (class in sigma.transform)
FieldMatchReplace.Schema (class in sigma.transform)
FieldMatchReplace.Schema.Config (class in sigma.transform)
FieldNotEmpty (class in sigma.grammar)
FieldRegex (class in sigma.grammar)
fields (sigma.schema.Rule attribute)
FieldStartsWith (class in sigma.grammar)
filename (sigma.schema.IncludeSchema attribute)
from_dict() (sigma.serializer.Serializer class method)
from_parsed() (sigma.grammar.CoreExpression class method)
from_sigma() (sigma.schema.Rule class method)
from_yaml() (sigma.schema.Rule class method)
(sigma.serializer.Serializer class method)
FuzzyAliasedGroup (class in sigma.cli)
G
get_builtin_serializers() (in module sigma.serializer)
get_command() (sigma.cli.FuzzyAliasedGroup method)
get_expression() (sigma.schema.RuleDetection method)
get_serializer_class() (in module sigma.serializer)
get_tactic() (sigma.mitre.Attack method)
get_technique() (sigma.mitre.Attack method)
GRAMMAR_PARSER (sigma.schema.RuleDetection attribute)
group (sigma.serializer.elastic.ElasticSecurityBaseAction attribute)
(sigma.serializer.elastic.ElasticSecurityPagerDutyAction attribute)
group_by (sigma.schema.BaseCorrelation attribute)
grouping (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
gt (sigma.schema.CorrelationGreaterThan attribute)
gte (sigma.schema.CorrelationGreaterThanEqual attribute)
H
HIGH (sigma.schema.RuleLevel attribute)
I
id (sigma.mitre.Tactic attribute)
(sigma.mitre.Technique attribute)
(sigma.schema.Rule attribute)
(sigma.schema.RuleRelation attribute)
(sigma.serializer.elastic.ElasticSecurityBaseAction attribute)
Identifier (class in sigma.grammar)
identifier (sigma.grammar.Identifier property)
IncludeSchema (class in sigma.schema)
index (sigma.serializer.LogSourceMatch attribute)
INFORMATIONAL (sigma.schema.RuleLevel attribute)
interval (sigma.serializer.elastic.ElasticSecurityRule.Schema attribute)
InvalidFieldValueError
InvalidModifierCombinationError
invoke() (sigma.cli.CommandWithVerbosity method)
iter_chunked() (in module sigma.util)
K
keyword (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
KeywordSearch (class in sigma.grammar)
KibanaQueryLanguage (class in sigma.serializer.elastic)
KibanaQueryLanguage.Schema (class in sigma.serializer.elastic)
KibanaQueryLanguage.Schema.Config (class in sigma.serializer.elastic)
kql (sigma.serializer.elastic.ElasticSecurityRule property)
L
language (sigma.serializer.elastic.ElasticSecurityRule.Schema attribute)
level (sigma.schema.BaseCorrelation attribute)
(sigma.schema.Rule attribute)
license (sigma.schema.Rule attribute)
line (sigma.errors.ConditionSyntaxError property)
lineno (sigma.errors.ConditionSyntaxError property)
list_separator (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
load() (sigma.mitre.Attack class method)
(sigma.schema.IncludeSchema method)
(sigma.schema.Sigma class method)
(sigma.serializer.Serializer class method)
(sigma.transform.Transformation.Schema method)
log() (sigma.errors.SkipRule method)
LogicalAnd (class in sigma.grammar)
LogicalExpression (class in sigma.grammar)
LogicalNot (class in sigma.grammar)
LogicalOr (class in sigma.grammar)
logsource (sigma.schema.Rule attribute)
(sigma.serializer.CommonSerializerSchema attribute)
LogSourceMatch (class in sigma.serializer)
LogSourceMatch.Config (class in sigma.serializer)
LogSourceRules (class in sigma.serializer)
LogSourceRules.Config (class in sigma.serializer)
lookup_class() (sigma.transform.Transformation class method)
lookup_expression() (sigma.schema.RuleDetection method)
LOW (sigma.schema.RuleLevel attribute)
LowercaseString (class in sigma.schema)
lt (sigma.schema.CorrelationLessThan attribute)
lte (sigma.schema.CorrelationLessThanEqual attribute)
lucene (sigma.serializer.elastic.ElasticSecurityRule property)
LuceneQueryLanguage (class in sigma.serializer.elastic)
LuceneQueryLanguage.Schema (class in sigma.serializer.elastic)
LuceneQueryLanguage.Schema.Config (class in sigma.serializer.elastic)
M
mapping (sigma.transform.FieldFuzzyMap.Schema attribute)
(sigma.transform.FieldMap.Schema attribute)
match_rule() (sigma.serializer.LogSourceRules method)
max_signals (sigma.serializer.elastic.ElasticSecurityRule.Schema attribute)
maximum (sigma.schema.CorrelationRange property)
MEDIUM (sigma.schema.RuleLevel attribute)
merge_config() (sigma.serializer.elastic.ElasticSecurityRule method)
(sigma.serializer.Serializer method)
MERGED (sigma.schema.RuleRelationType attribute)
merging (sigma.serializer.LogSourceRules attribute)
message (sigma.errors.ConditionSyntaxError property)
(sigma.serializer.elastic.ElasticSecurityEmailAction attribute)
(sigma.serializer.elastic.ElasticSecuritySlackAction attribute)
minimum (sigma.schema.CorrelationRange property)
MissingCorrelationRule
modified (sigma.schema.Rule attribute)
module
sigma
sigma.cli
sigma.cli.converter
sigma.cli.list
sigma.cli.mitre
sigma.cli.schema
sigma.cli.transform
sigma.cli.validate
sigma.errors
sigma.grammar
sigma.mitre
sigma.schema
sigma.serializer
sigma.serializer.elastic
sigma.transform
sigma.util
MultipleCorrelationError
N
name (sigma.schema.BaseCorrelation attribute)
(sigma.schema.RuleTag property)
(sigma.serializer.CommonSerializerSchema attribute)
(sigma.serializer.LogSourceMatch attribute)
namespace (sigma.schema.RuleTag property)
NoCorrelationDocument
not_format (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
O
OBSOLETES (sigma.schema.RuleRelationType attribute)
operator (sigma.grammar.Expression attribute)
(sigma.grammar.LogicalAnd attribute)
(sigma.grammar.LogicalExpression attribute)
(sigma.grammar.LogicalNot attribute)
(sigma.grammar.LogicalOr attribute)
or_format (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
output_index (sigma.serializer.elastic.ElasticSecurityRule.Schema attribute)
P
PAGERDUTY (sigma.serializer.elastic.ElasticSecurityActionType attribute)
parent (sigma.grammar.Expression attribute)
(sigma.grammar.FieldEquality attribute)
(sigma.grammar.FieldLike attribute)
(sigma.grammar.Identifier attribute)
(sigma.grammar.Selector attribute)
parse_grammar() (sigma.schema.RuleDetection method)
parse_obj() (sigma.schema.Rule class method)
pattern (sigma.grammar.Selector property)
(sigma.transform.FieldMatchReplace.Schema attribute)
post_init() (sigma.schema.RuleDetection method)
postprocess() (sigma.grammar.CoreExpression method)
(sigma.grammar.Expression method)
(sigma.grammar.FieldLike method)
(sigma.grammar.Identifier method)
(sigma.grammar.LogicalAnd method)
(sigma.grammar.LogicalExpression method)
(sigma.grammar.LogicalNot method)
(sigma.grammar.LogicalOr method)
(sigma.grammar.Selector method)
prepend_result (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
product (sigma.schema.RuleLogSource attribute)
(sigma.serializer.LogSourceMatch attribute)
Q
quote (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
(sigma.serializer.TextQuerySerializer.Schema attribute)
R
range (sigma.schema.CorrelationRange attribute)
references (sigma.schema.Rule attribute)
related (sigma.schema.Rule attribute)
RENAMED (sigma.schema.RuleRelationType attribute)
risk_default (sigma.serializer.elastic.ElasticSecurityRule.Schema attribute)
risk_map (sigma.serializer.elastic.ElasticSecurityRule.Schema attribute)
Rule (class in sigma.schema)
rule (sigma.schema.BaseCorrelation attribute)
(sigma.schema.RuleDetection property)
Rule.Config (class in sigma.schema)
rule_separator (sigma.serializer.elastic.EventQueryLanguage.Schema attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema attribute)
RuleDetection (class in sigma.schema)
RuleDetection.Config (class in sigma.schema)
RuleDetectionFields (class in sigma.schema)
RuleDetectionList (class in sigma.schema)
RuleLevel (class in sigma.schema)
RuleLicense (class in sigma.schema)
RuleLogSource (class in sigma.schema)
RuleLogSource.Config (class in sigma.schema)
RuleRelation (class in sigma.schema)
RuleRelation.Config (class in sigma.schema)
RuleRelationType (class in sigma.schema)
rules (sigma.serializer.LogSourceRules attribute)
RuleStatus (class in sigma.schema)
RuleTag (class in sigma.schema)
RuleValidationError
S
schema (sigma.serializer.elastic.ElasticSecurityRule attribute)
Schema (sigma.serializer.Serializer attribute)
schema_extra (sigma.schema.Rule.Config attribute)
(sigma.schema.RuleDetection.Config attribute)
(sigma.schema.RuleRelation.Config attribute)
(sigma.serializer.CommonSerializerSchema.Config attribute)
(sigma.serializer.elastic.ElasticSecurityBaseAction.Config attribute)
(sigma.serializer.elastic.ElasticSecurityEmailAction.Config attribute)
(sigma.serializer.elastic.ElasticSecurityPagerDutyAction.Config attribute)
(sigma.serializer.elastic.ElasticSecurityRule.Schema.Config attribute)
(sigma.serializer.elastic.ElasticSecuritySlackAction.Config attribute)
(sigma.serializer.elastic.ElasticSecurityWebhookAction.Config attribute)
(sigma.serializer.elastic.EventQueryLanguage.Schema.Config attribute)
(sigma.serializer.elastic.KibanaQueryLanguage.Schema.Config attribute)
(sigma.serializer.elastic.LuceneQueryLanguage.Schema.Config attribute)
(sigma.serializer.LogSourceMatch.Config attribute)
(sigma.serializer.LogSourceRules.Config attribute)
(sigma.transform.AddTags.Schema.Config attribute)
(sigma.transform.FieldFuzzyMap.Schema.Config attribute)
(sigma.transform.FieldMap.Schema.Config attribute)
(sigma.transform.FieldMatchReplace.Schema.Config attribute)
(sigma.util.CopyableSchema attribute)
Selector (class in sigma.grammar)
serialize() (sigma.serializer.elastic.ElasticSecurityRule method)
(sigma.serializer.elastic.EventQueryLanguage method)
(sigma.serializer.Serializer method)
(sigma.serializer.TextQuerySerializer method)
Serializer (class in sigma.serializer)
SerializerNotFound
SerializerValidationError
service (sigma.schema.RuleLogSource attribute)
(sigma.serializer.LogSourceMatch attribute)
severity (sigma.serializer.elastic.ElasticSecurityPagerDutyAction attribute)
severity_default (sigma.serializer.elastic.ElasticSecurityRule.Schema attribute)
severity_map (sigma.serializer.elastic.ElasticSecurityRule.Schema attribute)
sigma
module
Sigma (class in sigma.schema)
sigma.cli
module
sigma.cli.converter
module
sigma.cli.list
module
sigma.cli.mitre
module
sigma.cli.schema
module
sigma.cli.transform
module
sigma.cli.validate
module
sigma.errors
module
sigma.grammar
module
sigma.mitre
module
sigma.schema
module
sigma.serializer
module
sigma.serializer.elastic
module
sigma.transform
module
sigma.util
module
SigmaError
SigmaValidationError
SimpleDate (class in sigma.schema)
skip_unknown (sigma.transform.FieldFuzzyMap.Schema attribute)
(sigma.transform.FieldMap.Schema attribute)
SkipRule
SLACK (sigma.serializer.elastic.ElasticSecurityActionType attribute)
source (sigma.serializer.elastic.ElasticSecurityPagerDutyAction attribute)
SOURCE_TYPES (sigma.mitre.Attack attribute)
STABLE (sigma.schema.RuleStatus attribute)
STARTSWITH (sigma.transform.ExpressionType attribute)
status (sigma.schema.Rule attribute)
subject (sigma.serializer.elastic.ElasticSecurityEmailAction attribute)
summary (sigma.serializer.elastic.ElasticSecurityPagerDutyAction attribute)
T
Tactic (class in sigma.mitre)
tactics (sigma.mitre.Attack attribute)
(sigma.mitre.Technique attribute)
tags (sigma.schema.Rule attribute)
(sigma.serializer.elastic.ElasticSecurityBaseAction attribute)
(sigma.transform.AddTags.Schema attribute)
target (sigma.transform.FieldMatchReplace.Schema attribute)
Technique (class in sigma.mitre)
techniques (sigma.mitre.Attack attribute)
TEMPORAL (sigma.schema.CorrelationType attribute)
TemporalCorrelation (class in sigma.schema)
TEST (sigma.schema.RuleStatus attribute)
TESTING (sigma.schema.RuleStatus attribute)
TextQuerySerializer (class in sigma.serializer)
TextQuerySerializer.Schema (class in sigma.serializer)
timeframe (sigma.schema.RuleDetection attribute)
timespan (sigma.schema.BaseCorrelation attribute)
timestamp (sigma.serializer.elastic.ElasticSecurityPagerDutyAction attribute)
timestamp_override (sigma.serializer.elastic.ElasticSecurityRule.Schema attribute)
title (sigma.mitre.Tactic attribute)
(sigma.mitre.Technique attribute)
(sigma.schema.Rule attribute)
to (sigma.serializer.elastic.ElasticSecurityEmailAction attribute)
to_detection() (sigma.grammar.Base64FieldEquality method)
(sigma.grammar.Expression method)
(sigma.grammar.FieldComparison method)
(sigma.grammar.FieldContains method)
(sigma.grammar.FieldEndsWith method)
(sigma.grammar.FieldEquality method)
(sigma.grammar.FieldLike method)
(sigma.grammar.FieldNotEmpty method)
(sigma.grammar.FieldRegex method)
(sigma.grammar.FieldStartsWith method)
(sigma.grammar.KeywordSearch method)
(sigma.grammar.LogicalAnd method)
(sigma.grammar.LogicalNot method)
(sigma.grammar.LogicalOr method)
to_field_with_modifiers() (sigma.grammar.FieldComparison method)
(sigma.grammar.FieldContains method)
(sigma.grammar.FieldEndsWith method)
(sigma.grammar.FieldLookupRegex method)
(sigma.grammar.FieldRegex method)
(sigma.grammar.FieldStartsWith method)
to_rule_format() (sigma.serializer.elastic.ElasticSecurityBaseAction method)
(sigma.serializer.elastic.ElasticSecurityEmailAction method)
(sigma.serializer.elastic.ElasticSecurityPagerDutyAction method)
(sigma.serializer.elastic.ElasticSecuritySlackAction method)
(sigma.serializer.elastic.ElasticSecurityWebhookAction method)
to_severity() (sigma.schema.RuleLevel method)
to_sigma() (sigma.schema.Rule method)
transform() (sigma.schema.Rule method)
(sigma.schema.RuleDetection method)
(sigma.serializer.Serializer method)
transform_expression() (sigma.transform.ContainsToMatch method)
(sigma.transform.FieldFuzzyMap method)
(sigma.transform.FieldMap method)
(sigma.transform.FieldMatchReplace method)
(sigma.transform.Transformation method)
transform_rule() (sigma.transform.AddTags method)
(sigma.transform.Transformation method)
transform_serializer() (sigma.transform.Transformation method)
Transformation (class in sigma.transform)
Transformation.Schema (class in sigma.transform)
Transformation.Schema.Config (class in sigma.transform)
transforms (sigma.serializer.CommonSerializerSchema attribute)
(sigma.serializer.elastic.EventQueryLanguage attribute)
(sigma.serializer.elastic.KibanaQueryLanguage attribute)
(sigma.serializer.elastic.LuceneQueryLanguage attribute)
(sigma.serializer.TextQuerySerializer attribute)
TransformValidationError
type (sigma.schema.BaseCorrelation attribute)
(sigma.schema.CountCorrelation attribute)
(sigma.schema.RuleRelation attribute)
(sigma.schema.TemporalCorrelation attribute)
(sigma.serializer.elastic.ElasticSecurityBaseAction attribute)
(sigma.serializer.elastic.ElasticSecurityEmailAction attribute)
(sigma.serializer.elastic.ElasticSecurityPagerDutyAction attribute)
(sigma.serializer.elastic.ElasticSecuritySlackAction attribute)
(sigma.serializer.elastic.ElasticSecurityWebhookAction attribute)
(sigma.transform.AddTags.Schema attribute)
(sigma.transform.FieldFuzzyMap.Schema attribute)
(sigma.transform.FieldMap.Schema attribute)
(sigma.transform.FieldMatchReplace.Schema attribute)
(sigma.transform.Transformation.Schema attribute)
U
UnknownIdentifierError
UnknownModifierError
UnknownRuleNameError
UnknownTransform
UNSUPPORTED (sigma.schema.RuleStatus attribute)
UnsupportedFieldComparison
UnsupportedSerializerFormat
update_expression() (sigma.schema.RuleDetection method)
url (sigma.mitre.Tactic property)
(sigma.mitre.Technique property)
utf16_modifier() (in module sigma.grammar)
utf16be_modifier() (in module sigma.grammar)
utf16le_modifier() (in module sigma.grammar)
V
VALID_TYPES (sigma.transform.FieldMatchReplace attribute)
validate() (sigma.schema.RuleTag class method)
validate_detection() (sigma.schema.RuleDetection class method)
(sigma.serializer.LogSourceMatch class method)
value (sigma.grammar.Base64FieldEquality attribute)
(sigma.grammar.FieldComparison attribute)
(sigma.grammar.FieldContains attribute)
(sigma.grammar.FieldEndsWith attribute)
(sigma.grammar.FieldEquality attribute)
(sigma.grammar.FieldLike attribute)
(sigma.grammar.FieldLookup attribute)
(sigma.grammar.FieldLookupRegex attribute)
(sigma.grammar.FieldNotEmpty attribute)
(sigma.grammar.FieldRegex attribute)
(sigma.grammar.FieldStartsWith attribute)
(sigma.grammar.KeywordSearch attribute)
(sigma.schema.CorrelationSimpleCondition property)
VALUE_COUNT (sigma.schema.CorrelationType attribute)
visit() (sigma.grammar.Expression method)
W
WEBHOOK (sigma.serializer.elastic.ElasticSecurityActionType attribute)
wide_modifier() (in module sigma.grammar)