List installed plugin by package name

[pop-ecx]

Is there a way to query which plugins are currently installed by package name?

The problem

sigma plugin list shows all available plugins that can potentially be installed. sigma list targets and sigma list pipelines show what is installed, but only expose the backend/pipeline identifiers they provide, not the plugin package names.

For example, installing the elasticsearch plugin makes lucene, eql, esql, and elastalert appear in sigma list targets, but nothing maps those identifiers back to elasticsearch. So if I want to programmatically run sigma plugin uninstall elasticsearch, I have no reliable way to know it is installed in the first place, since elasticsearch does not appear as an output when running sigma list targets.

I have checked the docs but I'm not finding anything to help me with this.

Question

Is there a command or flag I am missing that exposes installed plugin state by package name? If not, would the team be open to adding a flag to sigma list targets so it can output installed plugin by package name like opensearch, elasticsearch etc.? Happy to open a formal feature request if that is the right next step.

[thomaspatzke]

Valid request! I created an issue and assigned to Copilot for implementation.

[thomaspatzke]

Done! This is how it looks like:

> sigma list targets
+-------------+----------------------------------------+------------------------------+---------------+
| Identifier  | Target Query Language                  | Processing Pipeline Required | Plugin        |
+-------------+----------------------------------------+------------------------------+---------------+
| lucene      | Elasticsearch Lucene                   | Yes                          | elasticsearch |
| eql         | Elasticsearch EQL                      | Yes                          | elasticsearch |
| esql        | ES|QL backend                          | Yes                          | elasticsearch |
| elastalert  | Elasticsearch Elastalert               | Yes                          | elasticsearch |
| splunk      | Splunk SPL & tstats data model queries | Yes                          | splunk        |
| splunk_spl2 | Splunk SPL2 queries                    | Yes                          | splunk        |
+-------------+----------------------------------------+------------------------------+---------------+

Check out Sigma CLI 2.0.2!

[pop-ecx]

Awesome. Thanks.