pySigma-backend-elasticsearch

Invalid EQL rule type and language

Open FilipPwn opened this issue 1 year ago • 0 comments

Greetings.

After generating a few EQL rules I've noticed that they have set `type: query` and `language: lucene` instead of `type: eql` and `language: eql`.

https://github.com/SigmaHQ/pySigma-backend-elasticsearch/blob/ea6ed23f340c90e834b2c1ac1b8ee17338dd4aff/sigma/backends/elasticsearch/elasticsearch_eql.py#L390

FilipPwn, Jan 24 '24 14:01
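A post-conversion check for the symptom reported above, as an added example that is not part of the original issue or the project's code. It assumes the rules are exported one JSON object per line with Elastic detection rule fields `type`, `language` and `query`; the EQL-detection regex is a heuristic and the sample rules are constructed.

```python
import json
import re

# Heuristic (an assumption of this example): an EQL query starts with
# "<event category> where", or with the "sequence"/"sample" keywords.
EQL_START = re.compile(r'^\s*(?:sequence\b|sample\b|(?:\w+|"[^"]+")\s+where\b)', re.I)


def looks_like_eql(query):
    return bool(EQL_START.match(query or ""))


def fix_rule(rule):
    """Return (rule, changed); relabel as eql when the query text is EQL."""
    if looks_like_eql(rule.get("query")) and (
        rule.get("type") != "eql" or rule.get("language") != "eql"
    ):
        return {**rule, "type": "eql", "language": "eql"}, True
    return rule, False


def fix_ndjson(text):
    """Process one rule per line; return (fixed NDJSON, names of relabelled rules)."""
    out, changed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rule, was_changed = fix_rule(json.loads(line))
        if was_changed:
            changed.append(rule.get("name", "<unnamed>"))
        out.append(json.dumps(rule))
    return "\n".join(out), changed


# Constructed sample input, not output captured from the backend.
SAMPLE = "\n".join([
    json.dumps({"name": "mislabelled", "type": "query", "language": "lucene",
                "query": 'any where process.name:"whoami.exe"'}),
    json.dumps({"name": "lucene rule", "type": "query", "language": "lucene",
                "query": 'process.name:"whoami.exe"'}),
    json.dumps({"name": "already eql", "type": "eql", "language": "eql",
                "query": 'process where process.name == "cmd.exe"'}),
])

if __name__ == "__main__":
    fixed, changed = fix_ndjson(SAMPLE)
    print("relabelled:", changed)
    print(fixed)
```

A Lucene free-text query that happens to begin with a word followed by `where` would be misclassified, so review the list of relabelled rule names before importing.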