If the sigma rule contains a description, include it in the generated savedsearch.conf output, so it is visible in the UI when running searches and viewing search results.
If there is no description available, leave as an empty string (per the spec).
thomaspatzke
commented
2 years ago
If the sigma rule contains a description, include it in the generated savedsearch.conf output, so it is visible in the UI when running searches and viewing search results.
If there is no description available, leave as an empty string (per the spec).