This is picker v2. It uses sigma-cli now. If you'd want to access v1 that used sigmac go to picker1 branch
Pick and convert to specific backends for sigma rules while inside neovim
I hate 2 things; excessive typing and Real Madrid 😂
I also write sigma rules a lot. To make my workflow a bit easier for me, I made this plugin to convert to a specific backend with a few keystrokes. Sigma_picker.nvim helps me to streamline my workflow and do conversions without even thinking. I have been using it for a while and thought maybe someone else will benefit from it.
Once you are comfortable with the rule you wrote, call the backend picker and choose
Now choose the preferred config
Your rule should be compiled and you'll get a result like this:
In action
- telescope.nvim
- sigma-cli installed in your path.
Using lazy for example:
require("lazy").setup({
{
"pop-ecx/sigma_picker.nvim",
dependencies = { "nvim-telescope/telescope.nvim" },
},
})set your keymap like so
local spick = require("sigma_picker")
spick.setup({})
vim.keymap.set('n', '<leader>dz', spick.sigma_picker, {noremap = true , silent = true})There is also a utility for installing sigma-cli backends and pipelines
Add a keymap like below to use it
vim.keymap.set("n", "<leader>si", function()
require("sigma_picker.installer").install_sigma_target()
end, { desc = "Install Sigma Target" })or just run
:lua require("sigma_picker.installer").install_sigma_target()
Since version 1.2.1, sigma_picker creates a local cache the first time you try to install a sigma plugin. This helps speed up subsequent plugin installations. In case you want to clear the cache, run
:lua require("sigma_picker.installer").refresh_cache()
It doesn't actually refresh, it just removes the cache. You have to run the installer again to get a new cache. All performance penalties will apply, just like installing the first time.
Check installed targets or pipelines??
run:
:lua require("sigma_picker.targets").list_targets() or
:lua require("sigma_picker.targets").list_pipelines()
Since version 1.2.2, you can also uninstall plugins. The local cache now has a
way to track installed plugins we no longer need local cache tracking see here.
To uninstall a plugin, run
:lua require("sigma_picker.installer").uninstall_sigma_target()
This will bring up a picker with all installed plugins. Choose the one you want to uninstall and it will be removed from your system. The cache will update accordingly.
I'm using sigmac. I know it's deprecated. Thanks for reminding me. Successfully moved to sigma-cli
I also wrote a silly little lsp to help me when writing sigma rules. You can get it here. Works pretty well with the picker
Has been tested on neovim 0.9.5.
Should work on neovim >=0.9.5
[ ] Add a few more backends to be converted- Move from sigmac to sigma-cli
[ ] Setup function is still WIP