Execute Sigma Rules

VAST can interpret Sigma rules as an alternative to a VAST query. Simply provide it on standard input to the export command:

vast export json < sigma-rule.yaml

This requires that you built VAST with the Sigma frontend.

Compatibility

VAST does not yet support all Sigma features. Please consult the compatbility section in the documentation for details.