Improve detection Sigma conversion evidence by DENGXUELIN · Pull Request #2002 · UnitOneAI/SecuritySkills

DENGXUELIN · 2026-06-08T17:19:12Z

Summary

Adds backend conversion semantics evidence gates for Sigma-to-SIEM conversion.
Requires converter/backend version, exact command, generated query, warning output, field mapping, operator support, logic parity, manual edits, TP/TN execution, and performance evidence.
Adds vulnerable/benign fixtures for a converted query that misses a known-positive sample versus conversion parity with TP/TN evidence.

git diff --check origin/main...HEAD
Markdown fence-balance check over changed .md files
Added-line ASCII check
Content marker check for DE-CONV-01, DE-CONV-08, Backend Conversion Semantics Evidence, fixture names, Known-positive, and Known-negative
Added-line secret-pattern scan
git merge-tree --write-tree origin/main HEAD -> 46c7aaac81cc4edc4b9f3dbf6756991e618b50fe

Closes #1797

Requested tier: Improver Moderate (USD 100)

Improve detection Sigma conversion evidence

5354019