
pySigma Elasticsearch backend

26 pySigma-backend-elasticsearch issues

The pySigma (>=0.10.0) [post-processing](https://medium.com/sigma-hq/introducing-query-post-processing-and-output-finalization-to-processing-pipelines-4bfe74087ac1) feature allows a much more dynamic way to create different output formats. ES Backend should be rewritten including the current output formats as templates.

When we pass any custom attributes in a rule, those attributes are not returned in the response. request = { "title": "Test", "status": "test", "logsource": { "category": "test_category", "product": "test_product", }, "building_block":...

Hello! So, I'm fairly new with SIGMA-rules and PySigma, but slowly getting there. I want to generate some Elasticsearch queries for the API, based on some SIGMA-rules I have generated....

I have noticed that the ES|QL backend does not differentiate between string or list of strings. Because of this, if there is a pipeline which adds a list of strings...

According to the [Elastic documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html) since backslash (\) is also the escaping character for json it needs to be escaped itself. For example if a Sigma rule is "username|re: '\$'"...

Elastic Security does not know the severity Informational. It only understands Low, Medium, High, Critical. Since Sigma does allow Informational (as it is designed to) there will be the possibility...

I have noticed that the EQL Backend does not support the usage of state variables to change the index used in the SIEM Rule. However ESQL does allow for that....

Just a couple of minor updates that were missing upstream, in relation to the Kubernetes processing pipeline for Elasticsearch - exporting it, for Python packages importing this one - listing...

Also, fixes https://github.com/SigmaHQ/pySigma-backend-elasticsearch/issues/65

Does this backend support the ES 8.x mapping fields or just 7.x?