Use Cases
Definition files are easy and fast to write but they are not very flexible (specifically, they do not support AND logic without using the query field)
Proposal
Sigma rule syntax allows for greater flexibility
Additional context
There is already python code called pySigma (link) that can be used. Support for all but Cortex XDR is available.
Which category is the feature part of?
Which product is the feature part of?
Use Cases Definition files are easy and fast to write but they are not very flexible (specifically, they do not support
ANDlogic without using thequeryfield)Proposal Sigma rule syntax allows for greater flexibility
Additional context There is already python code called
pySigma(link) that can be used. Support for all but Cortex XDR is available.