Closed kmahyyg closed 1 year ago
https://github.com/SigmaHQ/sigma-specification/blob/version_2/appendix_meta_rules.md
I have some situations that require the v2 schema to write, such as correlation-related rules; the most common example is brute-force.
Could you maybe add some support for parsing multiple YAML docs in the same file?
I understand that you may not be willing to do this because this v2 schema is still in draft.
Thanks for your excellent work in advance.
What exactly are the features you would need right now?
I think I would wait a bit until the standard is more final in order to avoid double work.