SigmaHQ / pySigma-backend-elasticsearch

pySigma Elasticsearch backend
GNU Lesser General Public License v3.0

Feat: Add Elastic Security rules and Kibana saved object support for ES|QL #67

Closed m4dh4t closed 1 month ago

m4dh4t commented 2 months ago

Also, fixes https://github.com/SigmaHQ/pySigma-backend-elasticsearch/issues/65

m4dh4t commented 2 months ago

Tests are missing for now, will try to push them tomorrow.

m4dh4t commented 2 months ago

Hi @andurin, I added tests for the three new output formats (based on what I saw in the other backends) and added the missing esql_connect tests as well. I tested all these exports manually by importing them in a local Kibana instance both via API and GUI and it seems to work well.

I would gladly take any feedback on this!

andurin commented 1 month ago

Thank you. Merged.