Closed ndex11 closed 1 year ago
Command: sigma convert -t qradar -p qradar_pipeline.yaml rules\windows\dns_query\dns_query_win_anonymfiles_com.yml
Error: Error while conversion: The QRadar savedsearches Sigma backend supports only the following fields for process_creation log source
I think there should be something after "log source" in the error message but there is not.
Not working:
name: Qradar Pipeline
priority: 100
transformations:

Working:
name: Qradar Pipeline
priority: 100
transformations:
It's a QRadar backend issue, moving it to the project.
Can't move across orgs, please reopen in this repository.