Description
Replace the current regex-based detection engine in Krawl with a Sigma rule-based detection system.
Instead of relying only on hand-written static regular expressions, Sigma rules would give Krawl a structured, scalable, and community-maintained way to describe and detect malicious behavior, attack patterns, and suspicious activity, and would let detections be shared with (and pulled from) the public Sigma rule repository rather than living only in Krawl's source.
Proposed Changes
- Remove or deprecate the current regex-only detection logic.
- Integrate a Python Sigma library for rule parsing and validation (pySigma). Note that pySigma parses, validates and converts rules into backend query languages; it does not evaluate events against a rule itself, so the step that matches Krawl's requests/logs against a rule's detection section would have to be implemented in Krawl (or via a custom pySigma backend targeting Krawl's own matching layer).
- Support loading custom Sigma rule files from a dedicated rules directory.
- Trigger alerts when logs or requests match Sigma detections.
- Allow hot-reloading or dynamic updates of rules without restarting Krawl.
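To make the rules-directory, matching and hot-reload points above concrete, here is an added illustration written for this issue; it is not Krawl's code and it is not pySigma. The rules are written as the dicts that `yaml.safe_load` would produce from a Sigma YAML file, the request log is constructed, and the matcher deliberately supports only a subset of Sigma: map selections (with a list of maps meaning OR), the `contains`, `startswith`, `endswith` and `re` field modifiers, and conditions built from `and`, `or`, `not` and parentheses (no `1 of`, `all of`, `|all` or keyword lists). The `RuleDirectory` class shows one way to reload rules without a restart: it takes a pluggable `parse` callable (assumed to be `yaml.safe_load` in practice) and re-reads the directory whenever any rule file's mtime changes.

```python
"""Minimal Sigma-style matcher and hot-reloading rule directory (illustration only)."""
import glob
import os
import re

# Constructed rules, in the shape yaml.safe_load would return for a Sigma YAML file.
TRAVERSAL_RULE = {
    "title": "Path traversal attempt in request URI",
    "logsource": {"category": "webserver"},
    "detection": {
        "selection": {"uri|contains": ["../", "/etc/passwd"]},  # list value = OR
        "filter": {"user_agent|startswith": "Krawl-Selftest"},  # hypothetical self-test UA
        "condition": "selection and not filter",
    },
}
SQLI_RULE = {
    "title": "SQL injection tautology in request URI",
    "logsource": {"category": "webserver"},
    "detection": {
        "selection": {"uri|re": r"(?i)'\s*(or|and)\s*'\d+'\s*=\s*'\d+"},
        "condition": "selection",
    },
}


def _match_value(modifier, actual, expected):
    """Compare one event field against one expected value using a Sigma modifier."""
    if actual is None:
        return False
    actual, expected = str(actual), str(expected)
    if modifier is None:
        return actual == expected
    if modifier == "contains":
        return expected in actual
    if modifier == "startswith":
        return actual.startswith(expected)
    if modifier == "endswith":
        return actual.endswith(expected)
    if modifier == "re":
        return re.search(expected, actual) is not None
    raise ValueError(f"unsupported Sigma modifier: {modifier!r}")


def _match_selection(selection, event):
    """A map selection is AND across fields; a list of maps is OR across maps."""
    if isinstance(selection, list):
        return any(_match_selection(s, event) for s in selection)
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(modifier or None, event.get(field), v) for v in values):
            return False
    return True


class _Cond:
    """Recursive-descent evaluator for 'and' / 'or' / 'not' / parentheses conditions."""

    def __init__(self, condition, results):
        self.tokens = re.findall(r"\(|\)|\w+", condition)
        self.pos, self.results = 0, results

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _next(self):
        tok = self.tokens[self.pos]
        self.pos += 1
        return tok

    def parse(self):
        value = self._or()
        if self._peek() is not None:
            raise ValueError("trailing tokens in condition")
        return value

    def _or(self):
        value = self._and()
        while self._peek() == "or":
            self._next()
            value = self._and() or value  # right side always evaluated: keeps tokens consumed
        return value

    def _and(self):
        value = self._not()
        while self._peek() == "and":
            self._next()
            value = self._not() and value
        return value

    def _not(self):
        if self._peek() == "not":
            self._next()
            return not self._not()
        if self._peek() == "(":
            self._next()
            value = self._or()
            if self._next() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return value
        name = self._next()
        if name not in self.results:
            raise ValueError(f"condition references unknown selection {name!r}")
        return self.results[name]


def match_rule(rule, event):
    """True when the event satisfies the rule's detection/condition."""
    detection = rule["detection"]
    results = {n: _match_selection(s, event) for n, s in detection.items() if n != "condition"}
    return _Cond(detection["condition"], results).parse()


def scan(rules, events):
    """(rule title, event) for every hit; this is the point where Krawl would raise an alert."""
    return [(r["title"], ev) for ev in events for r in rules if match_rule(r, ev)]


class RuleDirectory:
    """Loads rule files from a directory and reloads them when any file's mtime changes."""

    def __init__(self, path, parse, pattern="*.yml"):
        self.path, self.parse, self.pattern = path, parse, pattern
        self._stamp, self.rules = None, []

    def _snapshot(self):
        paths = glob.glob(os.path.join(self.path, self.pattern))
        return tuple(sorted((p, os.stat(p).st_mtime_ns) for p in paths))

    def load(self):
        snap = self._snapshot()  # deleted files drop out, new files appear
        if snap != self._stamp:
            rules = []
            for p, _ in snap:
                with open(p, encoding="utf-8") as fh:
                    rules.append(self.parse(fh.read()))
            self._stamp, self.rules = snap, rules
        return self.rules


# Constructed request log; not real Krawl output.
SAMPLE_EVENTS = [
    {"uri": "/index.html", "user_agent": "Mozilla/5.0"},
    {"uri": "/download?file=../../etc/passwd", "user_agent": "curl/8.0"},
    {"uri": "/download?file=../../etc/passwd", "user_agent": "Krawl-Selftest/1.0"},
    {"uri": "/api/v1/users?id=1' OR '1'='1", "user_agent": "sqlmap/1.7"},
]

if __name__ == "__main__":
    for title, ev in scan([TRAVERSAL_RULE, SQLI_RULE], SAMPLE_EVENTS):
        print(f"ALERT {title}: {ev['uri']} ({ev['user_agent']})")
```

Two things worth keeping from this sketch when the real implementation lands: an unknown modifier or an unknown selection name in a condition should fail rule loading loudly rather than silently never matching, and the mtime-based reload misses a rewrite that lands within the filesystem's timestamp granularity, so a rule file that is edited twice in quick succession should be re-read on the next change rather than assumed current.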