Sigma to LEQL Detection Pipeline
A pipeline that converts community Sigma rules into Rapid7 InsightIDR's LEQL so detections aren't written twice.
- Python
- Sigma
- Rapid7 InsightIDR
- LEQL
01 / Gap
The detection backlog
The Sigma project is the closest thing detection engineering has to a shared library, but InsightIDR speaks LEQL, not Sigma. Porting rules by hand is slow and error-prone, so most teams either skip the community corpus or maintain a second copy of every rule.
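To make the translation concrete, here is a minimal Sigma-to-LEQL converter, added as an illustration and not the project's own code. It assumes the LEQL operators documented publicly for InsightIDR (`=`, `ICONTAINS`, `ISTARTS-WITH`, `/regex/`, `AND`, `OR`, `NOT`), assumes there is no dedicated ends-with operator (so `endswith` becomes an anchored case-insensitive regex), and uses an assumed mapping from Sysmon-style Sigma field names to InsightIDR process-start event keys. The sample rule is a constructed Python dict standing in for the output of `yaml.safe_load` on a real Sigma file.

```python
"""Minimal Sigma -> LEQL translator (illustrative example, not the project's code)."""
import re

# Assumed mapping from Sigma (Sysmon-style) field names to InsightIDR
# process-start event keys. A real pipeline would carry one map per log source.
FIELD_MAP = {
    "Image": "process.exe_path",
    "CommandLine": "process.cmd_line",
    "ParentImage": "parent_process.exe_path",
    "User": "process.username",
}


def _quote(value):
    """Render a literal as a double-quoted LEQL string."""
    text = str(value).replace("\\", "\\\\").replace('"', '\\"')
    return f'"{text}"'


def _regex(pattern):
    """Render a regex as LEQL /.../ syntax, escaping forward slashes."""
    return "/" + pattern.replace("/", "\\/") + "/"


def _atom(field, modifiers, value):
    """Translate one Sigma field/modifier/value triple into a LEQL comparison."""
    key = FIELD_MAP.get(field, field)
    text = str(value)
    if "re" in modifiers:
        return f"{key}={_regex(text)}"
    # Sigma string matching is case-insensitive, so prefer the I* operators.
    if "contains" in modifiers:
        return f"{key} ICONTAINS {_quote(text)}"
    if "startswith" in modifiers:
        return f"{key} ISTARTS-WITH {_quote(text)}"
    # Assumption: no ends-with operator, so anchor a case-insensitive regex.
    if "endswith" in modifiers:
        return f"{key}={_regex('(?i)' + re.escape(text) + '$')}"
    if "*" in text:
        # Sigma wildcard: escape everything else, then turn * into .*
        body = re.escape(text).replace("\\*", ".*")
        return f"{key}={_regex('(?i)^' + body + '$')}"
    return f"{key} = {_quote(text)}"


def _selection(sel):
    """AND the fields of a selection map; a list of maps is OR'd together."""
    if isinstance(sel, list):
        return " OR ".join(f"({_selection(s)})" for s in sel)
    parts = []
    for spec, value in sel.items():
        field, *mods = spec.split("|")
        values = value if isinstance(value, list) else [value]
        joiner = " AND " if "all" in mods else " OR "   # '|all' ANDs list values
        atoms = [_atom(field, mods, v) for v in values]
        parts.append(atoms[0] if len(atoms) == 1 else "(" + joiner.join(atoms) + ")")
    return " AND ".join(parts)


def sigma_to_leql(rule):
    """Translate a parsed Sigma rule (dict) into a LEQL where() clause.

    Supports conditions built from selection names, and/or/not and parentheses.
    Aggregations and '1 of them' style conditions are out of scope here.
    """
    det = rule["detection"]
    names = {k: _selection(v) for k, v in det.items() if k != "condition"}
    out = []
    for tok in re.findall(r"\(|\)|\w+", det["condition"]):
        if tok in ("and", "or", "not"):
            out.append(tok.upper())
        elif tok in ("(", ")"):
            out.append(tok)
        elif tok in names:
            out.append(f"({names[tok]})")
        else:
            raise ValueError(f"unsupported condition token: {tok}")
    return "where(" + " ".join(out).replace("( ", "(").replace(" )", ")") + ")"


# Constructed sample rule: what yaml.safe_load would return for a small Sigma file.
SAMPLE_RULE = {
    "title": "Encoded PowerShell command line (constructed sample)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": [" -enc ", " -encodedcommand "],
        },
        # Placeholder parent process name; a real filter lists known-good tooling.
        "filter": {"ParentImage|endswith": "\\example_agent.exe"},
        "condition": "selection and not filter",
    },
}

if __name__ == "__main__":
    print(sigma_to_leql(SAMPLE_RULE))
```

The translator keeps each Sigma selection as its own parenthesised group so the rendered `condition` is structurally identical to the original, which makes it easy to diff a regenerated LEQL query against the committed one when the upstream rule changes. Field names missing from `FIELD_MAP` pass through unchanged rather than being silently dropped, so an untranslated field shows up as a query error instead of a detection that never fires.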
Full writeup in progress.