Mat0vu comments

Repositories
Issues
Comments

Results 4 comments of


                                            Mat0vu

Update of Rare Service Install Detection Rule to use correlation syntax

Hi @frack113, that´s a great resource, thanks for the link! Looks like you´ve already converted most the currently unsupported rules 👍

DSL query support

Hi, I would also be glad to see a DSL-Backend. In the long term we consider switching to EQL or ES|QL, however at the moment we are still using the...

Hi @balintnadasi , sorry for the late response. I´ve just updated my [fork ](https://github.com/Mat0vu/pySigma-backend-elasticsearch/tree/dsl-queries)where I´ve been working on the implementation of a DSL backend for Elasticsearch. Since the DSL Language...

DSL query support

Hi @andurin, because my team is currently switching to ESQL, we do not need DSL support anymore. If @balintnadasi or anyone else still wants DSL, they can use the code...