Hi guys,
As you know, we can import Sigma rules into the SIEM, but in some cases the content does not fit and is not accepted. How can we overcome this situation? Is there a tool you use to convert?
For example: https://github.com/SigmaHQ/sigma/blob/master/rules/linux/auditd/lnx_auditd_file_or_folder_permission...
Error in the FortiSIEM: Failed to convert sigma rule to fsiem rule: Failed to converted:
There is no EventID or EventCode in Sigma rule.
Today only Windows Sigma rules are supported via the converter.
You can try third-party sites like https://uncoder.io/ but sometimes it is just easier to manually create the rule.
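Added example, not part of the thread and not FortiSIEM code: a pre-import triage for Sigma rule text, assuming (from the error message and reply above only) that the converter needs a Windows logsource and an EventID or EventCode field. The embedded rules are constructed samples, and `triage` and `top_level_block` are hypothetical names.

```python
import re
# Fields named in the converter error quoted on this page.
REQUIRED_FIELDS = {"EventID", "EventCode"}
# Constructed sample rules (not copied from SigmaHQ).
LINUX_RULE = """title: constructed auditd sample
logsource:
    product: linux
detection:
    selection:
        type: EXECVE
        a0|contains: chmod
    condition: selection
"""
WINDOWS_RULE = """title: constructed windows sample
logsource:
    product: windows
detection:
    selection:
        EventID: 4720
    condition: selection
"""

def top_level_block(rule_text, name):
    """Return the indented lines under a top-level key such as 'detection'."""
    block, inside = [], False
    for line in rule_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a new top-level key starts here
            inside = line.startswith(name + ":")
        elif inside:
            block.append(line)
    return block

def triage(rule_text):
    """Return ('converter' | 'manual', reason) for one Sigma rule."""
    product, fields = None, set()
    for line in top_level_block(rule_text, "logsource"):
        m = re.match(r"\s+product:\s*(\S+)", line)
        if m:
            product = m.group(1).strip("'\"").lower()
    for line in top_level_block(rule_text, "detection"):
        # Keys may carry modifiers ("a0|contains:") or be list items.
        m = re.match(r"\s+(?:-\s+)?([\w.]+)(?:\|[\w|]+)?\s*:", line)
        if m:
            fields.add(m.group(1))
    if product != "windows":
        return ("manual", f"logsource product is {product!r}, not windows")
    if not fields & REQUIRED_FIELDS:
        return ("manual", "no EventID or EventCode field in detection")
    return ("converter", "windows rule with an event ID field")
```

Running `triage` over each rule file's text before import separates the rules worth sending to the converter from the ones to build by hand.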
So, how can I do it for the Linux rules?
Thanks