Skip to content

j91321/sigma-playground

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits

img

img

 
 

public

public

 
 

src

src

 
 

.browserslistrc

.browserslistrc

 
 

.eslintrc.js

.eslintrc.js

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

babel.config.js

babel.config.js

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

vue.config.js

vue.config.js

 
 

Repository files navigation

sigma-playground

GitHub license GitHub last commit Mastodon Follow

Small interactive playground to experiment with the Sigma generic rule format and sigmatools converter without the need to install anything.

Sigma playground

How does it work

The playground has three components:

  • Monaco Editor (code editor that powers VS Code)
  • Pyodide (Python distribution for the browser based on WebAssembly)
  • BrowserFS (An in-browser filesystem that supports various backends)

These three components are ducktaped together in Vue 3 app to create a static site that operates entirely in your browser.

A slightly modified version of sigmatools is installed into Pyodide to get you started on experimenting with Sigma.

None of your work leaves your browser, everything is stored in browser LocalStorage. Internet connection however is required because some components are loaded from CDN.

Used icons are from vscode-codicons

Why?

When I was doing a workshop on Sigma for some university students I wanted to show them that different configs and backend options can greatly change the output query. While uncoder.io is a great tool it simplifies the process a bit too much for learning purposes.

I also wanted to learn a modern JavaScript framework like Vue 3 and needed a learning project.

Disclaimer

I am in no sense of the word a frontend developer. I think the Vue code is ok, but the CSS it hot garbage and I'm aware of that.

This is work-in-progress. There may be combinations of targets and configs that don't work for various reasons and I am familiar only with some of the backends to test the output. If you encounter any problem that doesn't manifest in sigmatools when used normally please raise an issue.

Usage

Write Sigma rule in input editor on the left, pick target and config in the Settings tab and hit play. Output should display in the output read-only editor on the right side.

The bottom of the editor will show you the sigma command you are executing and any Errors/Warnings that may have occurred.

Monaco Editor tips

You can press F1 to open editor menu (or right-click). There are a few useful commands added:

  • Load Sigma Rule Template - replaces input editor with a Sigma rule template
  • Generate GUID also (Ctrl+Alt+g) - generates GUID on cursor

Project setup

npm install

Compiles and hot-reloads for development

npm run serve

Compiles and minifies for production

npm run build

Lints and fixes files

npm run lint

License

MIT

except the contents of src/assets/configs and the sigmatools wheel file in public/ these are taken/based on Sigma project toolchain and are published under General Public License.

About

Simple browser playground for Sigma rule format.

j91321.github.io/sigma-playground/

Topics

security elasticsearch splunk logging sysmon siem monaco-editor sigma pyodide sigma-rules

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages