Closed DBHeise closed 1 year ago
Native sigma supports datetime values. It would be nice if we could extend that support to Sigma.
Currently the v2 spec supports number values, such as:
```yaml
detection:
  exp1:
    field|gt: 1
    field|lt: 10
  exp2:
    field2:
      - blah
      - foobar
  condition: exp1 and exp2
```
I propose it also can do similarly, but with datetime values, such as:
```yaml
detection:
  exp1:
    field|gt: 2023-01-01T09:00:00Z
    field|lt: 2023-01-01T10:00:00Z
  exp2:
    field2:
      - blah
      - foobar
  condition: exp1 and exp2
```
Running this through pySigma (at the moment) gives a type error: `'datetime.datetime' object is not iterable` on line 196 of `rule.py`.
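Added example, not part of the original issue and not pySigma code: a minimal stand-alone evaluator showing what the proposed datetime `gt`/`lt` comparison would have to do when matching events, including normalising time zones before comparing. The function names, the hard-coded `exp1 and exp2` condition, the sample event and the choice to treat naive timestamps as UTC are all assumptions made for illustration.

```python
from datetime import datetime, timezone
import operator
# Constructed rule: the issue's detection section as a dict holding datetime
# values, the type named in the pySigma error message.
DETECTION = {
    "exp1": {
        "field|gt": datetime(2023, 1, 1, 9, 0, tzinfo=timezone.utc),
        "field|lt": datetime(2023, 1, 1, 10, 0, tzinfo=timezone.utc),
    },
    "exp2": {"field2": ["blah", "foobar"]},
}
OPS = {"gt": operator.gt, "gte": operator.ge, "lt": operator.lt, "lte": operator.le}
SAMPLE_EVENT = {"field": "2023-01-01T11:30:00+02:00", "field2": "Foobar"}  # constructed

def to_utc(value):
    """Return an aware UTC datetime for a datetime or ISO 8601 string, else None."""
    if isinstance(value, str):
        try:
            value = datetime.fromisoformat(value.strip().replace("Z", "+00:00"))
        except ValueError:
            return None
    if not isinstance(value, datetime):
        return None
    if value.tzinfo is None:  # assumption: naive timestamps are already UTC
        value = value.replace(tzinfo=timezone.utc)
    return value.astimezone(timezone.utc)

def match_item(event, key, expected):
    """Match one 'field' or 'field|modifier' entry of a selection against an event."""
    field, _, modifier = key.partition("|")
    if field not in event:
        return False
    actual = event[field]
    if modifier in OPS:
        if isinstance(expected, datetime):
            actual, expected = to_utc(actual), to_utc(expected)
            if actual is None:  # unparsable timestamp never matches
                return False
        try:
            return OPS[modifier](actual, expected)
        except TypeError:  # e.g. string event value against a numeric bound
            return False
    values = expected if isinstance(expected, list) else [expected]
    return str(actual).lower() in {str(v).lower() for v in values}

def matches(event, detection=DETECTION):
    """Evaluate the fixed condition 'exp1 and exp2' from the issue's rule."""
    items = [kv for name in ("exp1", "exp2") for kv in detection[name].items()]
    return all(match_item(event, key, expected) for key, expected in items)
```

`matches(SAMPLE_EVENT)` is true because 11:30+02:00 is 09:30 UTC, inside the window; comparing the raw strings instead would give a different answer.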