SigmaHQ / sigma-cli

The Sigma command line interface based on pySigma

Cannot define custom string in the custom pipeline mapping #18

ndex11 closed this issue 1 year ago

ndex11 commented 1 year ago

Command: sigma convert -t qradar -p qradar_pipeline.yaml rules\windows\dns_query\dns_query_win_anonymfiles_com.yml

Error: Error while conversion: The QRadar savedsearches Sigma backend supports only the following fields for process_creation log source

I think there should be something after "log source" in the error message but there is not.

Not working:

name: Qradar Pipeline
priority: 100
transformations:

Not working:

name: Qradar Pipeline
priority: 100
transformations:

Working:

name: Qradar Pipeline
priority: 100
transformations:

Working:

name: Qradar Pipeline
priority: 100
transformations:

thomaspatzke commented 1 year ago

It's a QRadar backend issue, moving it to the project.

thomaspatzke commented 1 year ago

Can't move across orgs, please reopen in this repository.