18. Known Issues

18.1. Could not parse sigma logsources

Error could not parse sigma log sources
FILE: config\sigma.yml ERROR: no logsources element found

The issue occurs only for very old THOR installations that at one time had the template file config\tmpl-sigma.yml named config\sigma.yml.

18.1.1. Workaround

The error can be ignored and the THOR scan will run as expected. To prevent the error message from showing, remove config\sigma.yml or use a newly downloaded THOR package.

18.1.2. Status

Open