Metadata-Version: 2.4
Name: detect-droid
Version: 0.3.1
Summary: Detection Rules Optimisation Integration Deployment
Home-page: https://github.com/certeu/droid
Author: cert-eu/mlc
Author-email: services@cert.europa.eu
License: "EUPL-1.2"
Requires-Python: >=3.11.8
Description-Content-Type: text/markdown
License-File: LICENSE
License-File: NOTICE
Requires-Dist: PyYAML==6.0.3
Requires-Dist: pySigma==1.3.1
Requires-Dist: ruamel.yaml==0.19.1
Requires-Dist: azure-common==1.1.28
Requires-Dist: azure-core==1.39.0
Requires-Dist: azure-identity==1.25.3
Requires-Dist: azure-mgmt-core==1.6.0
Requires-Dist: azure-mgmt-monitor==7.0.0
Requires-Dist: azure-mgmt-resource==25.0.0
Requires-Dist: azure-mgmt-resource-subscriptions==1.0.0b1
Requires-Dist: azure-mgmt-resourcegraph==8.0.1
Requires-Dist: azure-mgmt-securityinsight==2.0.0b2
Requires-Dist: azure-monitor-query==2.0.0
Requires-Dist: splunk-sdk==2.1.1
Requires-Dist: python-json-logger==4.1.0
Requires-Dist: requests==2.33.1
Requires-Dist: elasticsearch==9.3.0
Requires-Dist: typer==0.24.1
Requires-Dist: rich==15.0.0
Dynamic: license-file

# droid

`droid` is a PySigma wrapper that makes adopting [Sigma](https://sigmahq.io/) easy and helps enable Detection-as-Code. The ultimate goal of `droid` is to consume a repository of Sigma rules and deploy them on one or more platforms (SIEM/EDR). The tool also supports plain SIEM/EDR search queries.

![droid workflow](./resources/droid_workflow.png)

## 🚀 Features

Key features are:

1. **Validate** the syntax of Sigma rules
2. **Convert** them by applying a set of transforms per log source and platform
3. **Search** in logs and report on findings
4. **Test** the rules by leveraging Atomic Red Team™ (work in progress)
5. **Deploy** them to any compatible SIEM or EDR (e.g. Splunk, Microsoft Sentinel)
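To make the validate/convert/search steps above concrete, here is an added, stand-alone illustration; it is not droid's code (droid delegates these steps to pySigma and its backends, configured through processing pipelines). The rule, the per-platform field mappings (DeviceProcessEvents column names for Sentinel, unchanged Sysmon names for Splunk), the SPL/KQL glue and the sample events are all constructed for the example, and only a subset of Sigma is handled: three value modifiers and `and`/`not` conditions over named selections.

```python
from typing import Any

# Constructed Sigma-style rule, as the dict yaml.safe_load would return for it.
SAMPLE_RULE: dict[str, Any] = {
    "title": "Encoded PowerShell Command Line (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\powershell.exe", "CommandLine|contains": ["-enc", "-EncodedCommand"]},
        "filter_parent": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter_parent",
    },
}
# Assumed per-platform transforms (Sigma field -> platform field); the real ones are pySigma
# processing pipelines. Splunk with the Sysmon add-on keeps Sigma's field names as they are.
FIELD_MAPS = {"splunk": {}, "sentinel": {"Image": "FolderPath", "CommandLine": "ProcessCommandLine",
                                          "ParentImage": "InitiatingProcessFolderPath"}}
SYNTAX = {  # query glue per platform: Splunk SPL and Sentinel KQL
    "splunk": {"prefix": "", "and": " ", "or": " OR ", "not": "NOT ({})"},
    "sentinel": {"prefix": "DeviceProcessEvents | where ", "and": " and ", "or": " or ", "not": "not({})"},
}
MODIFIERS = {"contains", "startswith", "endswith"}  # the subset of Sigma value modifiers handled here


def parse_condition(cond: str) -> list[tuple[bool, str]]:
    """'a and not b' -> [(True, 'a'), (False, 'b')]; conjunctions of selections only."""
    terms = []
    for term in cond.split(" and "):
        negated = term.startswith("not ")
        terms.append((not negated, term[4:] if negated else term))
    return terms


def validate(rule: dict) -> list[str]:
    """Step 1: structural checks. Returns the list of problems (empty means valid)."""
    problems = [f"missing required key '{k}'" for k in ("title", "logsource", "detection") if k not in rule]
    det = rule.get("detection", {})
    defined = {k for k in det if k != "condition"}
    if "condition" not in det:
        problems.append("detection.condition is required")
    else:
        problems += [f"condition references undefined selection '{n}'"
                     for _, n in parse_condition(det["condition"]) if n not in defined]
    for name in defined:
        for spec in det[name]:
            field, _, mod = spec.partition("|")
            if mod and mod not in MODIFIERS:
                problems.append(f"{name}.{field}: unsupported modifier '{mod}'")
    return problems


def _values(v: Any) -> list:
    return v if isinstance(v, list) else [v]  # a Sigma value is a scalar or a list (OR-ed together)


def _atom(field: str, mod: str, value: Any, platform: str) -> str:
    """One field/value test in the target query language."""
    v = str(value).replace("\\", "\\\\").replace('"', '\\"')  # escape for a double-quoted literal
    if platform == "splunk":
        pat = {"contains": f"*{v}*", "startswith": f"{v}*", "endswith": f"*{v}"}.get(mod, v)
        return f'{field}="{pat}"'
    return f'{field} {mod or "=="} "{v}"'  # KQL has contains/startswith/endswith operators


def convert(rule: dict, platform: str) -> str:
    """Step 2: apply the platform's field mapping and render the rule as a query."""
    syn, fmap, det = SYNTAX[platform], FIELD_MAPS[platform], rule["detection"]
    clauses = []
    for positive, name in parse_condition(det["condition"]):
        atoms = []
        for spec, values in det[name].items():
            field, _, mod = spec.partition("|")
            alts = [_atom(fmap.get(field, field), mod, v, platform) for v in _values(values)]
            atoms.append(alts[0] if len(alts) == 1 else "(" + syn["or"].join(alts) + ")")
        clause = syn["and"].join(atoms)
        clauses.append(clause if positive else syn["not"].format(clause))
    return syn["prefix"] + syn["and"].join(clauses)


def _match(actual: Any, mod: str, expected: Any) -> bool:
    a, e = ("" if actual is None else str(actual).lower()), str(expected).lower()  # Sigma matches case-insensitively
    return {"contains": e in a, "startswith": a.startswith(e), "endswith": a.endswith(e)}.get(mod, a == e)


def search(rule: dict, events: list[dict]) -> list[dict]:
    """Step 3: evaluate the detection over normalised events; return the matching ones."""
    det, hits = rule["detection"], []
    for ev in events:
        for positive, name in parse_condition(det["condition"]):
            selected = all(any(_match(ev.get(spec.partition("|")[0]), spec.partition("|")[2], v)
                               for v in _values(vals)) for spec, vals in det[name].items())
            if selected != positive:
                break
        else:  # every clause of the condition held
            hits.append(ev)
    return hits


# Constructed, already-normalised process-creation events using Sigma field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -EncodedCommand ZQBjAGgAbwA="},  # excluded by the filter: spawned by explorer.exe
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "cmd.exe /c whoami"},
]
```

`convert(SAMPLE_RULE, "splunk")` yields `Image="*\\powershell.exe" (CommandLine="*-enc*" OR CommandLine="*-EncodedCommand*") NOT (ParentImage="*\\explorer.exe")`, the Sentinel variant renames the fields and uses KQL operators, and `search(SAMPLE_RULE, SAMPLE_EVENTS)` returns only the first event. The point of the field-map step is that the same rule text drives every platform; what this sketch leaves out, and pySigma handles for droid, are the remaining modifiers (regex, base64, cidr, ...), nested `or` conditions, aggregations and each backend's full escaping rules.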

## 🚂 Get started

To get started with the tool, visit the [documentation page](https://certeu.github.io/droid-docs/getting-started/) and configure `droid` for your environment.

Note: Python version 3.11.8+ is required

## 📚 Resources

- [Sigma Unleashed: A Realistic Implementation](https://www.first.org/resources/papers/conf2024/1315-1350-Sigma-Unleashed-Mathieu-Le-Cleach.pdf)

## License

Licensed under the EUPL.
