Does SIGMAC enable converting to SIGMA from supported backends?

[wbnod]

Does SIGMAC allow converting a query (e.g. Splunk, ECS) into SIGMA format vs. the other way around especially in bulk?

Tried searching, but the only references I can find are the Uncoder.IO tool. Taking it one step further, is there general availability for using SIGMA as an intermediate format to convert between SIEM formats?

[frack113]

Hi,
Sigmac is to convet Sigma to siem query only .
sigma -> backend -> query
I don't know if anyone has a query -> sigma good converter.
When I receive a splunk, elk or other format query I convert it by hand to sigma to keep it without being blocked by the SIEM.
The biggest problem is when people use custom field names you have to find the original...

[Neo23x0]

It's possible to make a cake from flour, butter and eggs.
It's much more difficult to make flour, butter and eggs from a cake.

https://github.com/SigmaHQ/sigma#coverage-illustration

[wbnod]

Completely understand. Thanks. :)