Introduction of Wazuh backend? #3
Replies: 1 comment
-
Thanks for the suggestion! This library doesn't implement any conversions natively; it relies on the other pySigma backend & pipeline packages, such as pysigma-backend-microsoft365defender, pysigma-backend-sentinelone, etc., and includes them in the project's dependencies. The current list of backend/pipeline plugins for pySigma that can be installed with the sigma-cli/pySigma plugin manager can be found here: https://github.com/SigmaHQ/pySigma-plugin-directory/blob/main/pySigma-plugins-v1.json I don't see Wazuh in that list, so it looks like it hasn't been created yet. Luckily, the folks at SigmaHQ provide this cookiecutter template that users can install and modify to create their own backends and pipelines for the community. We don't have plans at this time to create a backend for Wazuh, but if you are interested in creating it yourself, I, as well as the pySigma community, would definitely appreciate it! If you do decide to create it, let us know once it's on PyPI and I can add it to the project dependencies and implement it within this project.
-
Wazuh is an open source SIEM / XDR that's been getting a lot more popular recently.
I think the active response features here make it a prime backend for Sigma rules.
There have already been a few projects that have attempted to do this (sigWah being the main one), but it has since been archived, as Sigma rules are more expressive than Wazuh / OSSEC rules.
If there's interest in this from the maintainers and from the community, it's something I'd be happy to work on.