Merge pull request #37 from Cyb3rWard0g/revert-36-devel-sigma

Revert "Sigma integration"

README.md

@@ -22,7 +22,6 @@ The project is currently in an alpha stage, which means that the code and the fu
 * **Spark:** A fast and general-purpose cluster computing system. It provides high-level APIs in Java, Scala, Python and R, and an optimized engine that supports general execution graphs.
 * **GraphFrames:** A package for Apache Spark which provides DataFrame-based Graphs.
 * **Jupyter Notebook:** An open-source web application that allows you to create and share documents that contain live code, equations, visualizations and narrative text.
-* **Sigma:** A generic signature format for log events. All Sigma signatures contained in the repository are preloaded into Kibana.
 
 # Resources
 * [Setting up a Pentesting.. I mean, a Threat Hunting Lab - Part 5](https://cyberwardog.blogspot.com/2017/02/setting-up-pentesting-i-mean-threat_98.html)
@@ -33,7 +32,6 @@ The project is currently in an alpha stage, which means that the code and the fu
 * [Elasticsearch Guide](https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html)
 * [spujadas elk-docker](https://github.com/spujadas/elk-docker)
 * [deviantony docker-elk](https://github.com/deviantony/docker-elk)
-* [Sigma](https://github.com/Neo23x0/sigma)
 
 # Getting Started
 ## WIKI

helk-elk/Dockerfile

@@ -26,10 +26,7 @@ RUN echo "[HELK-DOCKER-INSTALLATION-INFO] Updating Ubuntu base image.." \
   nano \
   python \
   python-pip \
-  python3-pip \
-  unzip \
-  git \
-  jq
+  unzip
 
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
     locale-gen
@@ -38,7 +35,6 @@ RUN apt-get -qy clean \
 
 # *********** Upgrading PIP ***************
 RUN pip install --upgrade pip
-RUN pip3 install --upgrade pip
 
 # *********** Installing HELK python packages ***************
 RUN pip install \
@@ -47,7 +43,7 @@ RUN pip install \
 
 # *********** Creating the right directories ***************
 #RUN bash -c 'mkdir -pv /opt/helk/{scripts,training,otx,es-hadoop,spark,output_templates,dashboards,kafka,elasticsearch,logstash,kibana,cerebro,ksql}'
-RUN bash -c 'mkdir -pv /opt/helk/{scripts,otx,output_templates,dashboards,elasticsearch,logstash,kibana,cerebro,ksql,sigma}'
+RUN bash -c 'mkdir -pv /opt/helk/{scripts,otx,output_templates,dashboards,elasticsearch,logstash,kibana,cerebro,ksql}'
 
 # *********** Adding HELK scripts and files to Container ***************
 ADD scripts/helk_otx.py /opt/helk/scripts/
@@ -135,10 +131,6 @@ ADD enrichments/otx/ /opt/helk/otx/
 RUN cronjob="0 8 * * 1 python /opt/helk/scripts/helk_otx.py" \
   && echo "$cronjob" | crontab
 
-# *********** Pulling Sigma Git Repository and install Python dependencies *************
-RUN git clone https://github.com/Neo23x0/sigma.git /opt/helk/sigma
-RUN pip3 install -r /opt/helk/sigma/tools/requirements.txt
-
 # *********** Install Cerebro ***************
 ENV CEREBRO_HOME=/opt/helk/cerebro
 ENV CEREBRO_LOGS_PATH=/var/log/cerebro

helk-elk/scripts/elk-kibana-setup.sh

@@ -17,7 +17,6 @@ KIBANA="http://localhost:5601"
 TIME_FIELD="@timestamp"
 DEFAULT_INDEX="logs-endpoint-winevent-sysmon-*"
 DIR=/opt/helk/dashboards
-SIGMA_DIR=/opt/helk/sigma
 
 # *********** Setting Index Pattern Array ***************
 declare -a index_patterns=("logs-endpoint-*" "logs-*" "logs-endpoint-winevent-sysmon-*" "logs-endpoint-winevent-security-*" "logs-endpoint-winevent-system-*" "logs-endpoint-winevent-application-*" "logs-endpoint-winevent-wmiactivity-*" "logs-endpoint-winevent-powershell-*")
@@ -47,8 +46,3 @@ do
     -H 'Content-type:application/json' -d @${file} || exit 1
     echo
 done
-
-# *********** Loading Sigma searches ***************
-cd $SIGMA_DIR
-tools/sigmac -t kibana -c tools/config/helk.yml -Ooutput=curl -o import-sigma-to-kibana.sh -r rules/
-. import-sigma-to-kibana.sh