pySigma-backend-splunk issues

Results 13 pySigma-backend-splunk issues

Sort by recently updated

Prepend necessary conditions to query

As tackled in #52 and #51, this PR is a proposal for fixing errors encountered in regex oring and in correlations rules. For details see these issues. ## Description To...

arblade

deferred expressions not applied in correlation rules

## Description When a correlation rule has, in one of its "sub rule" or "referenced rule" a deferred expression, like a regex (converted to `| regex`) or an regex oring,...

arblade

Conditions added by processing pipelines are deferred with OR-ed regex

## Problem Regular expressions logically linked with OR are deferred ## Reproduction Processing pipeline: ``` name: Example Sigma Pipeline Config priority: 100 transformations: - id: prefix_source_and_index type: add_condition conditions: index:...

thomaspatzke

bug

pySigma-backend-splunk
pySigma-backend-splunk copied to clipboard

Metadata

Prepend necessary conditions to query

deferred expressions not applied in correlation rules

Conditions added by processing pipelines are deferred with OR-ed regex

← Metadata

Owner

Metadata

pySigma-backend-splunk pySigma-backend-splunk copied to clipboard

Metadata

Prepend necessary conditions to query

deferred expressions not applied in correlation rules

Conditions added by processing pipelines are deferred with OR-ed regex

← Metadata

Owner

Metadata

pySigma-backend-splunk
pySigma-backend-splunk copied to clipboard