SigmaHQ / pySigma

Python library to parse and convert Sigma rules into queries (and whatever else you could imagine)
GNU Lesser General Public License v2.1

feat: ✨ Load custom field in the logsource #215

Closed frack113 closed 3 months ago

frack113 commented 4 months ago

In the current version, custom fields are ignored in the logsource section. The side effect is that you cannot detect typos and the rule will be loaded. Like in my test, categorie: process_creation will give a valid category: None

I have added a SigmaLogsourceError and an optional custom_attributes

thomaspatzke commented 3 months ago

Wouldn't this break rules where the log source contains an additional description attribute?

frack113 commented 3 months ago

I have removed my breaking change as I forgot about the description field... Will add a new sigmahq validator when it is published
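As an added illustration of the validator approach the thread ends on (not part of the thread and not pySigma or sigmahq code): a standalone check that reports misspelled logsource keys such as `categorie` as findings instead of refusing to load the rule, while accepting `description`. The function name, the key lists and the 0.7 similarity cutoff are assumptions, and the sample mappings are constructed.

```python
from difflib import get_close_matches

# Keys the Sigma specification defines for the logsource section.
STANDARD_KEYS = ("category", "product", "service", "definition")
# Extra keys accepted without a finding; "description" is the one raised in the thread.
TOLERATED_KEYS = ("description",)


def check_logsource(logsource):
    """Return a list of findings for one rule's logsource mapping (hypothetical helper)."""
    if not isinstance(logsource, dict):
        return ["logsource must be a mapping"]
    findings = []
    for key in logsource:
        if key in STANDARD_KEYS or key in TOLERATED_KEYS:
            continue
        # A near miss of a standard key is far more likely a typo than a custom field.
        guess = get_close_matches(key, STANDARD_KEYS, n=1, cutoff=0.7)
        if guess:
            findings.append(f"unknown key '{key}': probable typo of '{guess[0]}'")
        else:
            findings.append(f"unknown key '{key}': custom attribute, not used for matching")
    # The failure mode from the thread: the typo leaves the real field unset (None).
    if not any(logsource.get(k) for k in ("category", "product", "service")):
        findings.append("none of category, product or service is set")
    return findings


# Constructed sample logsource sections, already parsed from YAML into dicts.
SAMPLES = {
    "typo": {"categorie": "process_creation", "product": "windows"},
    "with_description": {"category": "process_creation", "description": "Sysmon EID 1"},
    "custom": {"product": "windows", "owner": "soc"},
}

if __name__ == "__main__":
    for name, logsource in SAMPLES.items():
        print(name, check_logsource(logsource) or "ok")
```

Returning findings rather than raising keeps existing rules with extra attributes loadable, which is the compatibility concern raised in the review.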