Would you @andurin be interested in this being merged in pySigma-backend-elasticsearch as this backend was originally supported by sigmac ? I think it would make sense as this backend is strongly linked to Elasticsearch.
If not, we will create a dedicated repository for it.
Hi.
@kurisukun and myself drafted a backend converting Sigma rules into Elastalert rules, inheriting from
LuceneBackend. It currently supports simple rules as well as theevent_countandvalue_countcorrelation rules. You can find the relevant code here: https://github.com/m4dh4t/pySigma-backend-elasticsearch/tree/feat-elastalert-backendWould you @andurin be interested in this being merged in pySigma-backend-elasticsearch as this backend was originally supported by
sigmac? I think it would make sense as this backend is strongly linked to Elasticsearch.If not, we will create a dedicated repository for it.