Added ConvertTypeTransformation (convert_type)

docs/Processing_Pipelines.rst

@@ -268,6 +268,7 @@ definitions are available:
    "map_string", "MapStringTransformation"
    "regex", "RegexTransformation"
    "set_value", "SetValueTransformation"
+   "convert_type", "ConvertTypeTransformation
    "set_state", "SetStateTransformation"
    "rule_failure", "RuleFailureTransformation"
    "detection_item_failure", "DetectionItemFailureTransformation"
@@ -319,6 +320,7 @@ YAML example:
 
 .. autoclass:: sigma.processing.transformations.RegexTransformation
 .. autoclass:: sigma.processing.transformations.SetValueTransformation
+.. autoclass:: sigma.processing.transformations.ConvertTypeTransformation
 .. autoclass:: sigma.processing.transformations.SetStateTransformation
 .. autoclass:: sigma.processing.transformations.RuleFailureTransformation
 .. autoclass:: sigma.processing.transformations.DetectionItemFailureTransformation

sigma/processing/transformations.py

@@ -877,6 +877,24 @@ def apply_value(self, field: str, val: SigmaType) -> SigmaType:
         return self.sigma_value
 
 
+@dataclass
+class ConvertTypeTransformation(ValueTransformation):
+    """
+    Convert type of value. The conversion into strings and numbers is currently supported.
+    """
+
+    target_type: Literal["str", "num"]
+
+    def apply_value(self, field: str, val: SigmaType) -> Optional[Union[SigmaString, SigmaNumber]]:
+        if self.target_type == "str":
+            return SigmaString(str(val))
+        elif self.target_type == "num":
+            try:
+                return SigmaNumber(str(val))
+            except SigmaValueError:
+                raise SigmaValueError(f"Value '{val}' can't be converted to number for {str(self)}")
+
+
 @dataclass
 class SetStateTransformation(Transformation):
     """Set pipeline state key to value."""
@@ -938,6 +956,7 @@ def apply_detection_item(self, detection_item: SigmaDetectionItem) -> None:
     "set_state": SetStateTransformation,
     "regex": RegexTransformation,
     "set_value": SetValueTransformation,
+    "convert_type": ConvertTypeTransformation,
     "rule_failure": RuleFailureTransformation,
     "detection_item_failure": DetectionItemFailureTransformation,
 }

tests/test_processing_transformations.py

@@ -14,6 +14,7 @@
 )
 from sigma.processing.transformations import (
     AddFieldTransformation,
+    ConvertTypeTransformation,
     RemoveFieldTransformation,
     SetFieldTransformation,
     SetValueTransformation,
@@ -1487,6 +1488,27 @@ def test_set_value_transformation_invalid_force_type():
         SetValueTransformation("test", "invalid")
 
 
+def test_convert_type_transformation_num_to_str():
+    transformation = ConvertTypeTransformation("str")
+    detection_item = SigmaDetectionItem("field", [], [SigmaNumber(123)])
+    transformation.apply_detection_item(detection_item)
+    assert detection_item.value[0] == SigmaString("123")
+
+
+def test_convert_type_transformation_str_to_num():
+    transformation = ConvertTypeTransformation("num")
+    detection_item = SigmaDetectionItem("field", [], [SigmaString("123")])
+    transformation.apply_detection_item(detection_item)
+    assert detection_item.value[0] == SigmaNumber(123)
+
+
+def test_convert_type_transformation_str_to_num_no_number():
+    transformation = ConvertTypeTransformation("num")
+    detection_item = SigmaDetectionItem("field", [], [SigmaString("abc")])
+    with pytest.raises(SigmaValueError, match="can't be converted to number"):
+        transformation.apply_detection_item(detection_item)
+
+
 def test_set_state(dummy_pipeline, sigma_rule: SigmaRule):
     transformation = SetStateTransformation("testkey", "testvalue")
     transformation.set_processing_item(