This repository is part of the WHS 3rd OCSF-based Security Log Integration and Analysis Project. It detects attacks by running Sigma rules (via PySigma) against OCSF logs stored in Elasticsearch, and uses Python scripts to analyze per-IP log patterns for behavior-based detection.
```
pysigma-pattern-match/
├── main.py           # main executable file
├── rule_manager.py   # Sigma rule dictionary management
├── state_tracker.py  # pattern-based detection
├── notifier.py       # Slack notification management
├── rules/            # Sigma rule .yml directory
├── patterns/         # pattern .json directory
└── README.md

3 directories, 24 files
```

Code Author: @eoadkw, @Pandyo, @bsk2002
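To illustrate the per-IP, pattern-based detection that `state_tracker.py` and the `patterns/` directory are responsible for, here is an added example (not the project's own code) that correlates Sigma rule hits per source IP inside a sliding time window. The pattern JSON layout, the event shape and the sample events are constructed for this example and do not reflect the real `patterns/*.json` format.

```python
"""Per-IP behaviour tracker: correlate Sigma rule hits into multi-step patterns."""
import json
from collections import defaultdict, deque

# Constructed pattern in a hypothetical JSON layout (assumption, not the project's format).
PATTERN_JSON = """{
  "name": "password_spray_then_success",
  "window_seconds": 300,
  "steps": [
    {"rule": "auth_failure", "min_count": 5},
    {"rule": "auth_success", "min_count": 1}
  ]
}"""

class StateTracker:
    """Keeps a sliding window of rule hits per source IP and fires once per IP
    when every step of the pattern reaches its threshold inside the window.
    Step order is not enforced; only counts within the window are checked."""

    def __init__(self, pattern: dict):
        self.pattern = pattern
        self.window = pattern["window_seconds"]
        self.hits = defaultdict(deque)   # src_ip -> deque of (ts, rule)
        self.fired = set()               # IPs that already produced an alert

    def ingest(self, event: dict):
        """event: {"src_ip": str, "rule": str, "time": epoch seconds}, sorted by time.
        Returns an alert dict the first time the pattern completes for an IP, else None."""
        ip, ts = event["src_ip"], event["time"]
        q = self.hits[ip]
        q.append((ts, event["rule"]))
        while q and ts - q[0][0] > self.window:   # expire hits older than the window
            q.popleft()
        counts = defaultdict(int)
        for _, rule in q:
            counts[rule] += 1
        if ip not in self.fired and all(counts[s["rule"]] >= s["min_count"]
                                        for s in self.pattern["steps"]):
            self.fired.add(ip)
            return {"pattern": self.pattern["name"], "src_ip": ip, "time": ts, "counts": dict(counts)}
        return None

def run(events, pattern_json=PATTERN_JSON):
    """Feed a time-ordered stream of rule hits through one tracker and collect alerts."""
    tracker = StateTracker(json.loads(pattern_json))
    return [a for a in (tracker.ingest(e) for e in events) if a]

# Constructed sample stream of Sigma hits (fields already mapped from OCSF records).
SAMPLE_EVENTS = sorted(
    [{"src_ip": "203.0.113.7", "rule": "auth_failure", "time": 1000 + 10 * i} for i in range(5)]
    + [{"src_ip": "203.0.113.7", "rule": "auth_success", "time": 1060}]
    + [{"src_ip": "198.51.100.2", "rule": "auth_failure", "time": 1000 + 100 * i} for i in range(5)]
    + [{"src_ip": "198.51.100.2", "rule": "auth_success", "time": 1500}],
    key=lambda e: e["time"])
```

The second IP spreads its failures over 500 seconds, so its hits age out of the 300-second window and no alert fires; only the first IP, with five failures and a success within 60 seconds, produces an alert.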