This artifact allows importing curated Sigma rules from https://sigma.velocidex.com
Collect this artifact on the server to automatically import or update these artifacts.
name: Server.Import.CuratedSigma
description: |
This artifact allows importing curated Sigma rules from
https://sigma.velocidex.com
Collect this artifact on the server to automatically import or
update these artifacts.
type: SERVER
required_permissions:
- SERVER_ADMIN
parameters:
- name: Prefix
description: Add this prefix to imported artifacts
validating_regex: '^[a-zA-Z0-9_.]*$'
sources:
- query: |
LET URL <= "https://sigma.velocidex.com/Velociraptor.Sigma.Artifacts.zip"
SELECT * FROM Artifact.Server.Import.ArtifactExchange(
Prefix=Prefix, ExchangeURL=URL)