WithSecureLabs / chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts

Add Sigma Rule Id and description to results

jvmendezp opened this issue · comments

Hello, thanks a lot for this amazing product.

Currently, Chainsaw's results include the name of the matched Sigma rule. Can you include the Sigma rule ID and description too?

Sigma ID is not a mandatory field according to https://github.com/SigmaHQ/sigma/wiki/Specification, but it could be nice to know more information about the match from the Sigma rule specification.

Thanks!
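As an added example (not Chainsaw's code or the project's own output format), the post-processing a user could do today to get this information: look up each hit's rule title in the Sigma rule files and attach the rule's `id` and `description`, treating a missing `id` as legitimate since the specification does not require it. It assumes Chainsaw reports the rule title in a `name` field of its JSON output; the rule text and hits below are constructed sample data.

```python
import re
from typing import Dict, List, Optional

# Minimal extractor for the top-level scalar fields of a Sigma rule
# (title, id, description). Not a YAML parser: it only reads `key: value`
# lines at column 0, which is where these metadata fields live in Sigma rules.
_FIELD_RE = re.compile(r"^(title|id|description):\s*(.*)$", re.MULTILINE)


def sigma_metadata(rule_text: str) -> Dict[str, Optional[str]]:
    """Return title/id/description; id is None when absent (optional per spec)."""
    meta: Dict[str, Optional[str]] = {"title": None, "id": None, "description": None}
    for key, value in _FIELD_RE.findall(rule_text):
        meta[key] = value.strip().strip("'\"") or None
    return meta


def enrich_hits(hits: List[dict], rules: List[str]) -> List[dict]:
    """Attach rule id/description to each hit, joining on the rule title.
    Assumption: the title is in the hit's "name" field (constructed format)."""
    by_title = {m["title"]: m for m in map(sigma_metadata, rules) if m["title"]}
    enriched = []
    for hit in hits:
        meta = by_title.get(hit.get("name"), {})
        enriched.append({
            **hit,
            "rule_id": meta.get("id"),  # stays None for rules without an id
            "description": meta.get("description"),
        })
    return enriched


# Constructed sample data: two Sigma rules (one without an id) and two hits.
RULES = [
    "title: Suspicious PowerShell Download\n"
    "id: 11111111-2222-3333-4444-555555555555\n"
    "description: Detects download cradles in PowerShell command lines\n"
    "logsource:\n  product: windows\n",
    "title: Rule Without Id\n"
    "description: Demonstrates the optional id field\n",
]
HITS = [
    {"name": "Suspicious PowerShell Download", "timestamp": "2023-01-01T00:00:00Z"},
    {"name": "Rule Without Id", "timestamp": "2023-01-01T00:00:01Z"},
]

if __name__ == "__main__":
    for h in enrich_hits(HITS, RULES):
        print(h["name"], "->", h["rule_id"], "|", h["description"])
```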

Maybe we could set up which Sigma rule fields should be in the response output using the sigma-mapping.yml file.

This is addressed in v2.0.0-alpha.0.