1st Version of collection transforming

[a2tf]

Hey Patrick

Sigma uses collections, and the output of the sigma converter places each of the searches in that collection on a new line. This breaks the search syntax in the savedsearches.conf file. I added the "or_collections" transforming command, which just adds these different searches of a collection with an " OR " to a one liner.

e.g.: rules/windows/sysmon/sysmon_cmstp_execution.yml rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml and so on...

Hope that unsolves syntax errors as well for others...

Andi

[P4T12ICK]

Hi, sorry for the late response. I will review it as soon as possible. Thank you for your contribution.