SigmaHQ / sigma-specification

Sigma rule specification

Reference to other rules in the condition of a detection #7

Open thomaspatzke opened 2 years ago

thomaspatzke commented 2 years ago

Discussed in https://github.com/SigmaHQ/sigma-specification/discussions/6

Idea: add a correlation type that allows injecting/including detections from one rule into another and using them from there. This would be quite useful for false positive handling, generic rule parts and possibly other use cases typically encountered in the integration of Sigma into an existing detection environment.

rjurney commented 1 year ago

This would form a graph - links between rules and the data types [and properties] within them - that would be useful for many reasons. This is something many companies working in cybersecurity are working on; it would make sense to pool resources.
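As an added illustration of what both comments describe (it is not code from the sigma-specification project or from either commenter), the Python below models a rule that includes another rule's detection so that its selections can be referenced in the including rule's condition, and walks the resulting rule-to-rule links to catch the two failure modes a maintainer would want flagged: an include cycle, and a selection name that silently shadows an included one. The `include` key under `detection`, the two sample rules, the sample events and the subset of value modifiers are all constructed for this example; the Sigma specification does not define an `include` key.

```python
import re

# Constructed sample rules as already-parsed dicts (not real SigmaHQ rules). The "include"
# key under "detection" is ASSUMED syntax for this example; the Sigma spec does not define it.
RULES = {
    "generic-fp-admin-tools": {
        "detection": {
            "fp_admin_tools": {"Image|endswith": ["\\sccm-agent.exe", "\\psexec.exe"]},
            "condition": "fp_admin_tools",
        },
    },
    "suspicious-encoded-ps": {
        "detection": {
            "include": ["generic-fp-admin-tools"],  # assumed syntax, see above
            "selection": {"CommandLine|contains": ["-enc ", "-encodedcommand "]},
            "condition": "selection and not fp_admin_tools",
        },
    },
}

def resolve_detection(rule_id, rules, _stack=()):
    """Named selections of a rule with its includes merged in; clashes and cycles are errors."""
    if rule_id in _stack:
        raise ValueError("include cycle: " + " -> ".join(_stack + (rule_id,)))
    detection = rules[rule_id]["detection"]
    merged = {}
    for dep in detection.get("include", []):
        merged.update(resolve_detection(dep, rules, _stack + (rule_id,)))
    for name, sel in detection.items():
        if name in ("include", "condition"):
            continue
        if name in merged:  # refuse silent override of an included selection
            raise ValueError(f"{rule_id}: selection {name!r} shadows an included one")
        merged[name] = sel
    return merged

def audit_includes(rules):
    """Resolve every rule once; returns {rule_id: error} for rules whose include links are broken."""
    problems = {}
    for rid in rules:
        try:
            resolve_detection(rid, rules)
        except (KeyError, ValueError) as exc:
            problems[rid] = str(exc)
    return problems

_MODIFIERS = {  # subset of Sigma value modifiers; values are compared case-insensitively
    "": lambda actual, wanted: actual == wanted,
    "contains": lambda actual, wanted: wanted in actual,
    "startswith": lambda actual, wanted: actual.startswith(wanted),
    "endswith": lambda actual, wanted: actual.endswith(wanted),
}

def match_selection(selection, event):
    """All fields of a selection must match (AND); a list value lists alternatives (OR)."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        actual = str(event.get(field, "")).lower()
        options = expected if isinstance(expected, list) else [expected]
        if not any(_MODIFIERS[modifier](actual, str(v).lower()) for v in options):
            return False
    return True

def evaluate_condition(condition, results):
    """Recursive-descent evaluator for 'a and not (b or c)'; precedence not > and > or."""
    tokens = re.findall(r"\(|\)|[A-Za-z_]\w*", condition)
    pos = 0

    def parse(level):  # level 0 = or-chain, 1 = and-chain, 2 = not / atom
        nonlocal pos
        if level < 2:
            op = ("or", "and")[level]
            value = parse(level + 1)
            while pos < len(tokens) and tokens[pos] == op:
                pos += 1
                rhs = parse(level + 1)
                value = (value or rhs) if op == "or" else (value and rhs)
            return value
        if pos >= len(tokens):
            raise ValueError("condition ends unexpectedly")
        tok, pos = tokens[pos], pos + 1
        if tok == "not":
            return not parse(2)
        if tok == "(":
            value = parse(0)
            if pos >= len(tokens) or tokens[pos] != ")":
                raise ValueError("unbalanced parenthesis in condition")
            pos += 1
            return value
        if tok not in results:
            raise KeyError(f"condition references unknown selection {tok!r}")
        return results[tok]

    value = parse(0)
    if pos != len(tokens):
        raise ValueError("unexpected trailing tokens in condition")
    return value

def evaluate_rule(rule_id, rules, event):
    """Resolve includes, match each selection against the event, then evaluate the condition."""
    selections = resolve_detection(rule_id, rules)
    results = {name: match_selection(sel, event) for name, sel in selections.items()}
    return evaluate_condition(rules[rule_id]["detection"]["condition"], results)
```

With these constructed rules, `evaluate_rule("suspicious-encoded-ps", RULES, event)` fires on an encoded PowerShell command line but not when the image is one of the admin tools listed in the included false-positive rule, and `audit_includes(RULES)` is the check to run in CI over a whole rule set: it reports a missing rule id, an include cycle, or a selection name that would override one pulled in from another rule, which is exactly where an include mechanism needs a defined and enforced semantics rather than last-writer-wins merging.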