thomaspatzke
commented
1 year ago No, this would be completely opposite to the idea of Sigma to be an universal language for expression of detections.
Closed ericzinnikas closed 1 year ago
thomaspatzke
commented
1 year ago No, this would be completely opposite to the idea of Sigma to be an universal language for expression of detections.
Wondering if you have any thoughts/plans on how to support custom Splunk commands (i.e.
dedup)? It seems like these could be handled as custom type modifiers (likere), which would require adding to modifier_mapping.