Skip to content

aboutcode-data/detection-rules-collector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
.github/workflows
.github/workflows
 
 
data
data
 
 
rules
rules
 
 
test
test
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pipeline.py
pipeline.py
 
 
rules_collector.py
rules_collector.py
 
 

Repository files navigation

detection-rules-collector

Collect vulnerability scanner rules (Sigma, YARA, Suricata, ClamAV entries)

File structure:

We store the collected and parsed data in the data directory. For each Git repository URL, we generate a SHA-256 hash of the URL.

For example, for: https://github.com/SigmaHQ/sigma we store it as: data/sigma/006d8a4d6e3ea24949907ea9c22f1d5b06467ceaa9e35c49aa44866c854c8901

For ClamAV entries, we store the parsed data in JSON files
(e.g., data/main_ldb.json, data/main_hdb.json).

JSON file structure

For (Sigma, YARA, Suricata):

{
    "source_url": "https://...",
    "rules": [
        {
            "rule_metadata": {...},
            "rule_text": "...",
            "vulnerabilities": ["CVE-...", "GHSA-..."]
        }, 
      ...
    ]
}

For ClamAV entries, the JSON structure has an additional field called source_filename to indicate the origin file (e.g., main.ldb).

Testing

Ensure you have pytest installed by running this command:

pip install pytest

Then, you can run the tests using this command:

python -m pytest test/ -v

About

Collect vulnerability scanner rules (Sigma, YARA, Suricata, ClamAV entries)

Resources

Readme

License

CC-BY-SA-4.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages