sigma/rules/generic/generic_brute_force.yml
Hi everyone, there is an issue with this rule, sigma/rules/generic/generic_brute_force.yml, specifically in the function count(). If there is someone who can help me fix this problem... Regards
Hi, what is the trouble? My tests:
C:\FrackSigma\sigma\tools>python sigmac -t splunk -c .\config\splunk-windows.yml ..\rules\generic\generic_brute_force.yml
action="failure" | eventstats dc(category) as val by dst_ip | search val > 30 | table src_ip,dst_ip,user
Ok Fine
C:\FrackSigma\sigma\tools>python sigmac -t es-qs -c .\config\winlogbeat.yml ..\rules\generic\generic_brute_force.yml
An unsupported feature is required for this Sigma rule (..\rules\generic\generic_brute_force.yml): Aggregations not implemented for this backend
Feel free to contribute for fun and fame, this is open source :) -> https://github.com/Neo23x0/sigma
Ok Fine
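To make the two outcomes above concrete, here is an added example (not sigmac's own code and not from the Sigma repository) that parses a Sigma condition carrying a `count(...) by ... > N` aggregation and renders it the way the Splunk backend output in the thread looks, while an es-qs style backend refuses it with the same "Aggregations not implemented" error. The rule fragment, the grammar in `AGG_RE`, and the function names `parse_condition`, `to_splunk` and `to_es_qs` are assumptions made for this illustration; the `count(field)` to `dc(field)` mapping is taken from the output shown above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed rule fragment in the shape of generic_brute_force.yml as discussed
# in the thread; it is not the repository's file.
SELECTION: Dict[str, str] = {"action": "failure"}
CONDITION = "selection | count(category) by dst_ip > 30"
FIELDS: List[str] = ["src_ip", "dst_ip", "user"]

# Simplified grammar of a Sigma aggregation condition (assumption):
#   <search-expr> | <func>(<field>) [by <group-field>] <op> <number>
AGG_RE = re.compile(
    r"""^\s*(?P<search>[^|]+?)\s*\|\s*
        (?P<func>count|min|max|avg|sum)\((?P<field>[^)]*)\)
        (?:\s+by\s+(?P<group>\w+))?
        \s*(?P<op>[<>]=?|=)\s*(?P<value>\d+)\s*$""",
    re.VERBOSE,
)


@dataclass
class Aggregation:
    search: str           # search identifier(s) before the pipe, e.g. "selection"
    func: str             # count / min / max / avg / sum
    field: Optional[str]  # aggregated field, None for a bare count()
    group: Optional[str]  # "by" field, None when absent
    op: str               # comparison operator
    value: int            # threshold


def parse_condition(condition: str) -> Aggregation:
    """Split a Sigma condition that carries an aggregation into its parts."""
    m = AGG_RE.match(condition)
    if m is None:
        raise ValueError(f"not an aggregation condition: {condition!r}")
    return Aggregation(
        search=m["search"].strip(),
        func=m["func"],
        field=m["field"].strip() or None,
        group=m["group"],
        op=m["op"],
        value=int(m["value"]),
    )


def render_selection(selection: Dict[str, str]) -> str:
    """Splunk search for a flat field:value selection (terms are implicitly ANDed)."""
    return " ".join(f'{k}="{v}"' for k, v in selection.items())


def to_splunk(selection: Dict[str, str], condition: str,
              fields: Optional[List[str]] = None) -> str:
    """Render the selection plus aggregation as a Splunk eventstats pipeline."""
    agg = parse_condition(condition)
    # count(field) becomes a distinct count, matching the sigmac output in the thread;
    # a bare count() stays a plain count (assumption).
    if agg.func == "count":
        func = f"dc({agg.field})" if agg.field else "count"
    else:
        func = f"{agg.func}({agg.field})"
    by = f" by {agg.group}" if agg.group else ""
    query = (f"{render_selection(selection)} | eventstats {func} as val{by}"
             f" | search val {agg.op} {agg.value}")
    if fields:
        query += " | table " + ",".join(fields)
    return query


def to_es_qs(selection: Dict[str, str], condition: str) -> str:
    """Query-string output: the selection translates, an aggregation cannot."""
    try:
        parse_condition(condition)
    except ValueError:
        # Plain condition with no aggregation: render field:"value" terms (assumption).
        return " AND ".join(f'{k}:"{v}"' for k, v in selection.items())
    raise NotImplementedError("Aggregations not implemented for this backend")


if __name__ == "__main__":
    print(to_splunk(SELECTION, CONDITION, FIELDS))
    try:
        print(to_es_qs(SELECTION, CONDITION))
    except NotImplementedError as exc:
        print(f"es-qs: {exc}")
```

The Splunk path produces the exact pipeline shown in the first test above; the es-qs path fails the same way the second test does, which is the point of the reply: the rule is fine, the backend simply has no aggregation support, so the fix belongs in the backend, not in count().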
Closing this due to inactivity. If the "issue" still exists. Please open a new issue while linking to this one.