Replies: 1 comment
-
I am not very familiar with Elastic, but we did "the same" for Splunk. We came up with a solution where we added the possibility to add a custom key to a Sigma rule's YAML, which contains some Splunk-specific parameters that are not part of Sigma rules in general.
-
Hi,
I'm currently looking to implement a detection-as-code pipeline with Sigma. I want to have all my Elastic rules in a repo of Sigma rules, convert them to ndjson, and use Elastic's detection-rules scripts to push them to Elastic.
I guess that's the way to do this, and my question is about Elastic alert types such as:
I have the feeling that the Elastic backend only supports basic queries for now. Is there a way to handle that? Would it require modifying the backend or creating a new pipeline? I guess we can solve this with a pipeline, but I'm asking about the most convenient way of doing this (or whether I'm missing something).
Thanks!
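As an added example (not code from either post, the Sigma project, pySigma, or elastic/detection-rules), here is the custom-key approach the reply describes for Splunk applied to the Elastic case in the question: the Sigma rule carries one extra top-level key with the backend-specific settings (rule type, threshold, index pattern, risk score), the key is stripped before the rule is handed to a converter, and the settings are merged with the converted query into a Kibana detection rule written as ndjson. Assumptions: the custom key name `elastic` is hypothetical; the Kibana rule fields used (`rule_id`, `name`, `type`, `language`, `query`, `index`, `severity`, `risk_score`, `threshold`, `tags`, `enabled`) follow the detection-rule API as the editor knows it; the rule dict is the constructed form a YAML loader would return, and the KQL string is a constructed stand-in for a pySigma backend's output, since no conversion is run here.

```python
import json
import uuid

# Constructed sample: the dict a YAML loader would return for a Sigma rule that
# carries one extra top-level key, `elastic` (hypothetical name), holding the
# backend-specific parameters, in the spirit of the reply's Splunk custom key.
SIGMA_RULE = {
    "title": "PowerShell Encoded Command (constructed sample)",
    "id": "1a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d",  # constructed UUID
    "status": "experimental",
    "description": "Constructed sample rule used only to show the custom-key mapping.",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\powershell.exe", "CommandLine|contains": "-enc"},
        "condition": "selection",
    },
    "level": "high",
    "tags": ["attack.execution", "attack.t1059.001"],
    "elastic": {
        "type": "threshold",
        "threshold": {"field": ["host.name"], "value": 5},
        "index": ["logs-windows.*"],
        "risk_score": 73,
    },
}

# Kibana rule types this mapping accepts (assumption: the ones relevant to the
# question; Kibana defines more).
ALLOWED_TYPES = {"query", "threshold", "eql"}
LEVEL_TO_SEVERITY = {
    "informational": "low", "low": "low", "medium": "medium",
    "high": "high", "critical": "critical",
}
LEVEL_TO_RISK = {"informational": 21, "low": 21, "medium": 47, "high": 73, "critical": 99}


def strip_custom_key(rule, custom_key="elastic"):
    """Split a rule into the plain Sigma part (what a converter should see)
    and the backend parameters carried under the custom key."""
    params = rule.get(custom_key, {})
    plain = {k: v for k, v in rule.items() if k != custom_key}
    return plain, params


def build_elastic_rule(rule, query, custom_key="elastic"):
    """Build one Kibana detection rule from a Sigma rule dict plus its already
    converted query. Backend settings come from the custom key; anything missing
    is derived from standard Sigma fields (level -> severity/risk_score)."""
    plain, params = strip_custom_key(rule, custom_key)
    rule_type = params.get("type", "query")
    if rule_type not in ALLOWED_TYPES:
        raise ValueError(f"unsupported rule type {rule_type!r}")
    if rule_type == "threshold" and "threshold" not in params:
        raise ValueError("threshold rules need an elastic.threshold block")
    if rule_type != "threshold" and "threshold" in params:
        raise ValueError("elastic.threshold is only valid for type: threshold")
    level = plain.get("level", "medium")
    out = {
        "rule_id": plain.get("id") or str(uuid.uuid4()),
        "name": plain["title"],
        "description": plain.get("description", ""),
        "type": rule_type,
        "language": "eql" if rule_type == "eql" else "kuery",
        "query": query,
        "index": params.get("index", ["logs-*"]),
        "severity": LEVEL_TO_SEVERITY.get(level, "medium"),
        "risk_score": params.get("risk_score", LEVEL_TO_RISK.get(level, 47)),
        "tags": plain.get("tags", []),
        "enabled": plain.get("status") != "deprecated",
    }
    if rule_type == "threshold":
        out["threshold"] = params["threshold"]
    return out


def to_ndjson(elastic_rules):
    """One JSON object per line, the shape a rule import consumes."""
    return "".join(json.dumps(r, sort_keys=True) + "\n" for r in elastic_rules)


if __name__ == "__main__":
    # Constructed stand-in for what a pySigma Elastic backend would return for
    # SIGMA_RULE; the Sigma-to-KQL conversion itself is not performed here.
    KQL = "process.name:powershell.exe and process.command_line:*-enc*"
    print(to_ndjson([build_elastic_rule(SIGMA_RULE, KQL)]), end="")
```

The validation in `build_elastic_rule` is where a pipeline like this earns its keep: a threshold rule without a threshold block, or a threshold block on a plain query rule, fails at conversion time in the repo rather than at import time in Kibana, and because the custom key is stripped first, the plain Sigma part stays usable by any other backend.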