SigmaHQ/pySigma-backend-splunk
pySigma Splunk backend
License: GNU Lesser General Public License v2.1
32 stars, 19 forks
Issues
Issue  Author           State   When           Comments  Title
#43    joshnck          open    2 weeks ago    1         Directly interact with savedsearches.conf fields when using the savedsearches format
#42    IgorHrkswxryski  open    3 weeks ago    1         Problem in logical operator execution order: WHERE vs SEARCH
#41    IgorHrkswxryski  open    1 month ago    1         Convert correlation in savedsearches mode
#40    joshnck          open    2 months ago   0         Request: Using the fields: key to define the values() from a |stats command in correlation searches
#39    burnsn1          closed  2 weeks ago    1         Question: Using stats instead of table for the fields field
#38    RolandRoure      closed  3 months ago   0         Add support for Web.Proxy Splunk data model
#37    arblade          closed  3 months ago   0         adding ORing regexes
#36    frack113         closed  3 months ago   0         Update test.yml
#35    frack113         open    3 months ago   0         ORing modifier `CIDR` error
#34    jabrcks          closed  3 months ago   1         Does an output "saved searches as dict" make sense?
#33    IgorHrkswxryski  closed  4 months ago   1         Adding custom cim mapping kv
#32    thomaspatzke     closed  5 months ago   0         Correlation rule support
#31    frack113         closed  5 months ago   0         build: 📦 Update dependencies version
#30    IgorHrkswxryski  closed  5 months ago   1         Splunk backend seems to not support correlation rules
#29    joshnck          open    6 months ago   1         Splunk backend allegedly doesn't support or conditions in regex, but fails to detect them (and for some reason creates a newline before | regex)
#28    frack113         closed  6 months ago   0         Update poetry
#27    0xFustang        open    8 months ago   2         Question: How to avoid processing the fields?
#26    0xFustang        closed  8 months ago   4         [Question] How to transform/override the data model name?
#25    0x616c6578       closed  10 months ago  2         New output format: accelerated datamodel query in a savedsearches.conf file
#24    F0r3nsick        closed  10 months ago  0         done
#23    gs3cl            closed  10 months ago  3         Enhancement: add OriginalFileName
#21    Rivosyke         closed  1 year ago     1         Original file name addition
#20    Rivosyke         closed  1 year ago     3         Field Mapping: Add OriginalFileName -> Processes.original_file_name
#19    jabrcks          closed  5 months ago   2         Enhancement: Handle Sigma correlations in pySigma-backend-splunk
#17    Enarior          closed  1 year ago     5         Field mapping: "Image" field not converted for Splunk
#16    ericzinnikas     closed  1 year ago     1         Support custom Splunk commands
#14    ericzinnikas     closed  1 year ago     2         Custom savedsearch.conf settings
#13    ericzinnikas     closed  1 year ago     1         Use rule fields to generate 'table' search output
#12    ericzinnikas     closed  1 year ago     0         Support for using rule fields to generate "table" output
#11    ericzinnikas     closed  1 year ago     3         Support for cron_schedule, earliest_time, latest_time
#15    phantinuss       open    1 year ago     6         [sigmac] [splunk] Unescaped . in query
#10    jonathan-s       closed  1 year ago     1         Multiple sub-rules, detecting only one of them.
#9     ericzinnikas     closed  1 year ago     1         Include alert descriptions in savedsearch output
#8     jonathan-s       closed  1 year ago     4         Converting rules gives wrong results
#7     xv-nathan-h      closed  1 year ago     4         Single quoting of field names breaking SPL
#5     jonathan-s       closed  2 years ago    1         TypeError: object of type 'int' has no len()
#4     elhoim           closed  2 years ago    0         Added initialization and condition to avoid UnboundLocalError
#3     fabaff           closed  2 years ago    0         Add repository
#2     P4T12ICK         closed  2 years ago    0         Sigma Backend Splunk data model support
#1     M3NIX            closed  2 years ago    1         escape backslashes