Sigma date format different than ISO 8601 #32
Comments
|
Hi @wikijm Thanks for this issue, and yes, you can open a PR with your fix its fine. Just FYI I already have some tuning to the sigma gen script that i'm gonna push to fix some other issues. |
Merged
wikijm
added a commit
to wikijm/LOLRMM
that referenced
this issue
Nov 14, 2024
magicsword-io#32 According to the Sigma Rules Specification, the date format in Sigma rule files must follow the ISO 8601 standard, using the separator format (YYYY-MM-DD instead of YYYY/MM/DD).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi everyone!
According to the Sigma Rules Specification, the date format in Sigma rule files must follow the ISO 8601 standard, using the separator format (YYYY-MM-DD instead of YYYY/MM/DD).
I’ve made a change in the main...wikijm:LOLRMM:patch-1 branch, but I’m not entirely sure if I modified the correct part of the code. Additionally, I’m uncertain if this change might affect other mechanisms in your GitHub repository or on the lolrmm.io website.
The reason for this change is that when I try to transform, with that repo, your Sigma rules to SentinelOne Power Query using sigma-cli through GitHub Actions, I encounter the following error message: “Error occurred while processing […]_sigma.yml: Rule date ‘YYYY/MM/DD’ is invalid, must be yyyy-mm-dd”:
If this request makes sense, I can create a pull request accordingly.
Thank you for this project; I’m happy to use it for Threat Hunting! 😃
The text was updated successfully, but these errors were encountered: