pySigma-backend-loki

Update backend to support Sigma Correlations

Open kelnage opened this issue 1 year ago • 0 comments

The latest release of pySigma includes a feature known as Sigma Correlations (documented in the next version of the Sigma specification), which allows Sigma rules to look at a larger number of log events and use them to determine whether to produce an alert or not.

We should be able to achieve most (if not all) of the core Correlations functionality via LogQL's metric queries support.

kelnage, Jan 05 '24 14:01
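To make the mapping proposed in the issue concrete, here is an added example (not code from pySigma-backend-loki or from the issue author) that turns one Sigma `event_count` correlation into a LogQL metric query. The function names, the sample correlation and the base stream selector are constructed assumptions, and only the `event_count` type with a single condition operator is covered.

```python
# Added illustration, not pySigma-backend-loki code; all names are hypothetical.
import re

# Sigma correlation condition operators mapped to LogQL comparison operators.
OPS = {"gt": ">", "gte": ">=", "lt": "<", "lte": "<=", "eq": "=="}
LABEL = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

# Constructed sample input: a parsed event_count correlation and the LogQL
# log query assumed to have been generated for the rule it references.
CORRELATION = {
    "type": "event_count",
    "rules": ["failed_logon"],
    "group-by": ["User"],
    "timespan": "5m",
    "condition": {"gte": 10},
}
BASE_QUERY = '{job="auth"} | json | EventID="4625"'


def logql_range(timespan):
    """Convert a Sigma timespan such as 5m or 1d into a LogQL range in s/m/h."""
    match = re.fullmatch(r"([1-9][0-9]*)([smhd])", timespan)
    if match is None:
        raise ValueError(f"unsupported timespan: {timespan!r}")
    amount, unit = int(match.group(1)), match.group(2)
    return f"{amount * 24}h" if unit == "d" else f"{amount}{unit}"


def event_count_to_logql(correlation, base_query):
    """Build a LogQL metric query that matches when the count meets the condition."""
    if correlation.get("type") != "event_count":
        raise ValueError("this sketch only handles event_count correlations")
    fields = correlation.get("group-by", [])
    for field in fields:
        # Field names are placed in the query unquoted, so accept identifiers only.
        if LABEL.fullmatch(field) is None:
            raise ValueError(f"invalid group-by field: {field!r}")
    condition = correlation["condition"]
    if len(condition) != 1:
        raise ValueError("exactly one condition operator is supported here")
    (op, threshold), = condition.items()
    if op not in OPS or isinstance(threshold, bool) or not isinstance(threshold, int):
        raise ValueError(f"unsupported condition: {condition!r}")
    counted = f"count_over_time({base_query} [{logql_range(correlation['timespan'])}])"
    grouping = f"sum by ({', '.join(fields)}) " if fields else "sum"
    return f"{grouping}({counted}) {OPS[op]} {threshold}"
```

Rejecting group-by fields that are not plain identifiers keeps rule content from altering the structure of the generated query.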