SigmaHQ / pySigma-backend-splunk
pySigma Splunk backend
License: GNU Lesser General Public License v2.1
34 stars, 18 forks
Issues
#45: "aliases" attribute in sigma correlation rules not translated (sec-hbaer; opened 1 month ago; 0 comments)
#44: Enhancement: Implement "|re" modifier for fields (jabrcks; opened 3 months ago; 0 comments)
#43: Directly interact with savedsearches.conf fields when using the savedsearches format (joshnck; opened 5 months ago; 1 comment)
#42: Problem in logical operator execution order: WHERE vs SEARCH (IgorHrkswxryski; opened 5 months ago; 1 comment)
#41: Convert correlation in savedsearches mode (IgorHrkswxryski; opened 6 months ago; 1 comment)
#40: Request: Using the fields: key to define the values() from a |stats command in correlation searches (joshnck; opened 7 months ago; 0 comments)
#39: Question: Using stats instead of table for the fields field (burnsn1; closed 5 months ago; 1 comment)
#38: Add support for Web.Proxy Splunk data model (RolandRoure; closed 7 months ago; 0 comments)
#37: Adding ORing regexes (arblade; closed 7 months ago; 0 comments)
#36: Update test.yml (frack113; closed 7 months ago; 0 comments)
#35: ORing modifier `CIDR` error (frack113; opened 8 months ago; 0 comments)
#34: Does an output "saved searches as dict" make sense? (jabrcks; closed 8 months ago; 1 comment)
#33: Adding custom cim mapping kv (IgorHrkswxryski; closed 9 months ago; 1 comment)
#32: Correlation rule support (thomaspatzke; closed 9 months ago; 0 comments)
#31: build: 📦 Update dependencies version (frack113; closed 9 months ago; 0 comments)
#30: Splunk backend seems to not support correlation rules (IgorHrkswxryski; closed 9 months ago; 1 comment)
#29: Splunk backend allegedly doesn't support or conditions in regex, but fails to detect them (and for some reason creates a newline before | regex) (joshnck; opened 10 months ago; 1 comment)
#28: Update poetry (frack113; closed 11 months ago; 0 comments)
#27: Question: How to avoid processing the fields? (0xFustang; opened 1 year ago; 2 comments)
#26: [Question] How to transform/override the data model name? (0xFustang; closed 1 year ago; 4 comments)
#25: New output format: accelerated datamodel query in a savedsearches.conf file (0x616c6578; closed 1 year ago; 2 comments)
#24: done (F0r3nsick; closed 1 year ago; 0 comments)
#23: Enhancement: add OriginalFileName (gs3cl; closed 1 year ago; 3 comments)
#21: Original file name addition (Rivosyke; closed 1 year ago; 1 comment)
#20: Field Mapping: Add OriginalFileName -> Processes.original_file_name (Rivosyke; closed 1 year ago; 3 comments)
#19: Enhancement: Handle Sigma correlations in pySigma-backend-splunk (jabrcks; closed 9 months ago; 2 comments)
#17: Field mapping: "Image" field not converted for Splunk (Enarior; closed 1 year ago; 5 comments)
#16: Support custom Splunk commands (ericzinnikas; closed 1 year ago; 1 comment)
#14: Custom savedsearch.conf settings (ericzinnikas; closed 2 years ago; 2 comments)
#13: Use rule fields to generate 'table' search output (ericzinnikas; closed 2 years ago; 1 comment)
#12: Support for using rule fields to generate "table" output (ericzinnikas; closed 2 years ago; 0 comments)
#11: Support for cron_schedule, earliest_time, latest_time (ericzinnikas; closed 1 year ago; 3 comments)
#15: [sigmac] [splunk] Unescaped . in query (phantinuss; opened 2 years ago; 6 comments)
#10: Multiple sub-rules, detecting only one of them. (jonathan-s; closed 2 years ago; 1 comment)
#9: Include alert descriptions in savedsearch output (ericzinnikas; closed 2 years ago; 1 comment)
#8: Converting rules gives wrong results (jonathan-s; closed 2 years ago; 4 comments)
#7: Single quoting of field names breaking SPL (xv-nathan-h; closed 2 years ago; 4 comments)
#5: TypeError: object of type 'int' has no len() (jonathan-s; closed 2 years ago; 1 comment)
#4: Added initialization and condition to avoid UnboundLocalError (elhoim; closed 2 years ago; 0 comments)
#3: Add repository (fabaff; closed 2 years ago; 0 comments)
#2: Sigma Backend Splunk data model support (P4T12ICK; closed 2 years ago; 0 comments)
#1: escape backslashes (M3NIX; closed 2 years ago; 1 comment)