
Getting started

Installation


droid is published as a Python package and can be installed with pip in a virtual environment or in a Docker container. The installation is straightforward:

  • Install droid and the desired Sigma backends and pipelines
  • Configure your droid configuration file
  • Configure your Sigma pipelines
  • Optional: Validate your rules using pySigma validators

If you already have a repository containing all your Sigma rules, you can point droid at it directly. If you wish to start from scratch, we provide a starter repository that you can clone to begin working with droid.

Install droid

  1. Open up a terminal and install droid, either the latest release or a pinned one (replace X with the patch release you want; pinning is recommended for reproducible builds):
pip install detect-droid
pip install detect-droid=="0.1.X"

Install the Sigma backends

For instance, if you intend to use the following backends:

pip install pysigma-backend-splunk
pip install pysigma-backend-kusto
pip install pySigma-backend-elasticsearch
Note

You will find the full list of backends on the Sigma documentation page.

Install additional Sigma pipelines

This is optional but you can install additional pipelines. For instance:

pip install pysigma-pipeline-windows  # Windows logsource to Channel field and generic logsource to Windows audit events mapping
Note

You will find the full list of pipelines on the Sigma documentation page. Select "Pipelines" from "Plugin Type".
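The three install steps above (droid, backends, pipelines) as one POSIX sh script. This is an added example, not code from the droid project: it turns short backend and pipeline names into pinned pip requirements, and only when the assumed DROID_RUN_INSTALL=1 guard is set does it create a virtual environment, install the requirements and ask pySigma which plugins it actually discovered. The pysigma-backend-<name> and pysigma-pipeline-<name> package naming follows the packages listed on this page; the use of pySigma's InstalledSigmaPlugins.autodiscover() for the final check is an assumption about the current pySigma API.

```shell
#!/bin/sh
# Added example (not part of the droid documentation): build pinned pip
# requirements for droid plus selected pySigma backends and pipelines, then
# install and verify them inside a fresh virtual environment.

# droid_requirements DROID_VERSION "backend names" "pipeline names"
# Emits one requirement per line. An empty version leaves droid unpinned;
# short names expand to pysigma-backend-<name> / pysigma-pipeline-<name>.
droid_requirements() {
    version=$1; backends=$2; pipelines=$3
    if [ -n "$version" ]; then
        printf 'detect-droid==%s\n' "$version"
    else
        printf 'detect-droid\n'
    fi
    for b in $backends; do
        printf 'pysigma-backend-%s\n' "$b"
    done
    for p in $pipelines; do
        printf 'pysigma-pipeline-%s\n' "$p"
    done
}

# droid_install VENV_DIR REQUIREMENTS_FILE
# Creates an isolated virtual environment, installs the requirements with
# that environment's own pip, and lists the plugins pySigma can see.
droid_install() {
    venv=$1; reqs=$2
    python3 -m venv "$venv"
    "$venv/bin/python" -m pip install --upgrade pip
    "$venv/bin/python" -m pip install -r "$reqs"
    # Assumption: InstalledSigmaPlugins.autodiscover() is pySigma's plugin
    # registry; it reports the backends and pipelines that were installed.
    "$venv/bin/python" - <<'EOF'
from sigma.plugins import InstalledSigmaPlugins
plugins = InstalledSigmaPlugins.autodiscover()
print("backends: ", sorted(plugins.backends))
print("pipelines:", sorted(plugins.pipelines))
EOF
}

# The install needs network access, so run it only when explicitly asked
# (DROID_RUN_INSTALL is a guard variable assumed for this example).
if [ "${DROID_RUN_INSTALL:-0}" = "1" ]; then
    droid_requirements "" "splunk kusto elasticsearch" "windows" > requirements.txt
    droid_install .venv requirements.txt
fi
```

Pinning droid alone does not pin the backends or pipelines; commit the generated requirements file with exact versions, and if you want pip to refuse anything that differs from what you reviewed, add hash lines (for example with pip-compile --generate-hashes) and install with pip install --require-hashes -r requirements.txt.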