Closed frack113 closed 3 months ago
Wouldn't this break rules where the log source contains an additional description
attribute?
I have remove my breaking change as I forget about description
field...
Will add a new sigmahq validator when it is publish
In the current version custom field are ignored in the logsource section. The side effect is you can not detect typo error and the rule will be loaded. Like in my test
categorie: process_creation
will give a validcategory: None
I have add a SigmaLogsourceError and a optionnal
custom_attributes