This is the panther backend for pySigma. It provides the package sigma.backends.panther with the PantherBackend class.
It supports the following output formats:
- default: Panther Python Detections format
- sdyaml (
-f sdyaml): Panther YAML Detections To save each rule in separate file you can useoutput_dirbackend option.
$ sigma convert -t panther path/to/rules -p panther -O output_dir=output/directory or $ sigma convert -t panther -f sdyaml path/to/rules -p panther -O output_dir=output/directory
Further, it contains the following processing pipelines in sigma.pipelines.panther:
- panther_pipeline: Convert known Sigma field names into their Panther schema equivalent
Clone this repo, cd into it and run:
poetry install
that is all you need to do.
Now you can run tests with:
poetry run pytest
To convert rules to panther sdyaml format run:
poetry run sigma convert -t panther -f sdyaml -p panther path_to_sigma_rule.yml