# pySigma tql Backend
This is the tql backend for pySigma. It provides the package `sigma.backends.trellix-helix` with the `tqlBackend` class.
Further, it contains the following processing pipelines in `sigma.pipelines.trellix-helix`:
It supports the following output formats:
- default: plain tql queries
## Sigma CLI

You can quickly convert a single rule or all rules in a directory structure using Sigma CLI. For example:

```shell
sigma convert -t tqlBackend -s ~/sigma/rules
```

Here `-t` is the target query language and `-s` is the Sigma rule or rules directory you wish to convert.
## Stand-alone Script

The following example invocation demonstrates how you can use the Helix backend to generate TQL queries for a directory of Sigma rules:

```shell
python trellix_helix.py ../../sigma/rules-threat-hunting/windows/process_creation
```
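An added example of what such a stand-alone script can look like; it is not the project's `trellix_helix.py` and assumes pySigma is installed and that the backend is importable under the module path and class name given above (a hyphenated module name has to go through `importlib`, so that import is isolated in one function). Rules are converted file by file so that one unsupported rule is reported and skipped rather than aborting the whole run, and the sample rule tree is constructed inline for offline testing.

```python
"""Hypothetical stand-alone Sigma-to-TQL conversion script (added example).

Assumptions (not from the README): pySigma is installed, and the backend class
is importable as ``tqlBackend`` from ``sigma.backends.trellix-helix``.
"""
import importlib
import sys
import tempfile
from pathlib import Path

# Constructed sample rule for the offline test tree (not a rule from SigmaHQ).
SAMPLE_RULE = """\
title: Constructed sample - placeholder process creation
id: 00000000-0000-0000-0000-000000000000
status: experimental
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        Image|endswith: '\\\\placeholder.exe'
    condition: selection
level: medium
"""


def find_rule_files(root):
    """Return the Sigma rule files (*.yml, *.yaml) under root, sorted.

    A path to a single file is returned as a one-element list, mirroring
    the "single rule or directory" behaviour of the CLI.
    """
    root = Path(root)
    if root.is_file():
        return [root]
    return sorted(
        p for p in root.rglob("*") if p.is_file() and p.suffix in (".yml", ".yaml")
    )


def build_sample_rule_tree():
    """Create a temporary tree with two constructed rules and one non-rule file."""
    base = Path(tempfile.mkdtemp(prefix="sigma-sample-"))
    proc_dir = base / "windows" / "process_creation"
    proc_dir.mkdir(parents=True)
    (proc_dir / "proc_a.yml").write_text(SAMPLE_RULE, encoding="utf-8")
    (base / "windows" / "proc_b.yaml").write_text(SAMPLE_RULE, encoding="utf-8")
    (base / "README.md").write_text("not a rule\n", encoding="utf-8")
    return base


def load_backend():
    """Import the backend class; module path and class name are assumptions from the README."""
    module = importlib.import_module("sigma.backends.trellix-helix")
    return getattr(module, "tqlBackend")()


def convert_rules(paths, backend, output_format="default"):
    """Convert each rule file separately; return {path: [query, ...]}.

    Files that fail to parse or that the backend cannot convert are reported
    on stderr and left out of the result instead of stopping the run.
    """
    from sigma.collection import SigmaCollection  # pySigma rule loader
    from sigma.exceptions import SigmaError  # base class of pySigma errors

    results = {}
    for path in paths:
        try:
            collection = SigmaCollection.from_yaml(path.read_text(encoding="utf-8"))
            results[str(path)] = backend.convert(collection, output_format)
        except SigmaError as exc:
            print(f"skipping {path}: {exc}", file=sys.stderr)
    return results


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    converted = convert_rules(find_rule_files(target), load_backend())
    for path, queries in converted.items():
        for query in queries:
            print(f"# {path}\n{query}\n")
```

Run it as `python this_script.py <rule-file-or-directory>`; the per-file loop is what gives you a usable partial result from a large rule set when a handful of rules use modifiers the backend does not support.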