pySigma-backend-splunk ORing modifier `CIDR` error

ORing modifier `CIDR` error

Open frack113 opened this issue 1 year ago • 0 comments

Hello When convert a rule with the cidr get an error

sigma convert -t splunk -p splunk_windows .\rules\windows\network_connection\net_connection_win_script_wan.yml
Parsing Sigma rules  [####################################]  100%
Error while conversion: ORing CIDR matching is not yet supported by Splunk backend in .\rules\windows\network_connection\net_connection_win_script_wan.yml

Try with only DestinationIp|cidr: '127.0.0.0/8' in the rule but get the same error.

$frack113 avatar$ Mar 12 '24 11:03 frack113

pySigma-backend-splunk pySigma-backend-splunk copied to clipboard

ORing modifier `CIDR` error

pySigma-backend-splunk
pySigma-backend-splunk copied to clipboard