thomaspatzke
commented
1 year ago Correlations are not yet supported by pySigma where the Splunk backend is based on. I keep this open to track the progress.
Closed jabrcks closed 8 months ago
thomaspatzke
commented
1 year ago Correlations are not yet supported by pySigma where the Splunk backend is based on. I keep this open to track the progress.
thomaspatzke
commented
8 months ago Implemented in backend version 1.1.0.
It would be great if there will be a way to handle Sigma correlations as described here (https://github.com/SigmaHQ/sigma-specification/blob/version_2/Sigma_meta_rules.md#correlation-types). Not sure how this can be handeled as the correlation and Sigma rules seem to be located in different files and referenecd by the rule id. If there is a way yet to do this with this backend, I am missing it until now :P