-
Hello, I have a bunch of rules I'm using with sigmatools with statements as I feel like this count is not supported yet by pysigma, am I right?
-
Yes, pySigma currently doesn't support aggregation statements including count. In future these will be replaced with Sigma correlations that are part of the Sigma v2 specification. Because of resource constraints (pySigma and Sigma CLI are maintained by different people in their spare time or as a part-time project) the deprecated Sigma v1 aggregation expressions will not be implemented in pySigma and correlations are not yet implemented in it. For the same reason there's also no ETA, but development will start soon.
Correlations are finally here.
Introduced in pysigma 0.11.0 - https://github.com/SigmaHQ/pySigma/releases/tag/v0.11.0
Release blog - https://blog.sigmahq.io/introducing-sigma-correlations-52fe377f2527
Specification - https://github.com/SigmaHQ/sigma-specification/blob/main/specification/sigma-correlation-rules-specification.md
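For rules that still carry a v1 `| count()` aggregation, the following added example (not part of this thread and not pySigma code) sketches how such a rule splits into a named base rule plus an `event_count` or `value_count` correlation rule as laid out in the correlation specification linked above. The helper `split_v1_rule`, the sample `V1_RULE` and its field values are constructed for illustration; only `count()` is handled, and the rule is represented as an already-parsed dict.

```python
import re

# Sigma v1 comparison operators -> Sigma correlation condition keys
OPS = {">": "gt", ">=": "gte", "<": "lt", "<=": "lte", "=": "eq"}
# "<search> | count(<field>) [by <group>] <op> <value>"
AGG = re.compile(
    r"^(?P<search>.+?)\s*\|\s*count\((?P<field>[^)]*)\)"
    r"(?:\s+by\s+(?P<group>\S+))?\s*(?P<op>>=|<=|>|<|=)\s*(?P<value>\d+)$"
)

def split_v1_rule(rule: dict, name: str) -> tuple[dict, dict]:
    """Hypothetical helper: return (base_rule, correlation_rule) for a v1 count() rule."""
    detection = dict(rule["detection"])  # copy so the input rule is not modified
    m = AGG.match(detection["condition"].strip())
    if m is None:
        raise ValueError("condition has no supported count() aggregation")
    timespan = detection.pop("timeframe", None)  # v1 keeps the window in the detection
    if timespan is None:
        raise ValueError("v1 rule has no timeframe to use as the correlation timespan")
    detection["condition"] = m["search"]  # base rule keeps only the event search
    base = {**rule, "name": name, "detection": detection}
    condition = {OPS[m["op"]]: int(m["value"])}
    counted = m["field"].strip()
    if counted:  # count(field) counts distinct values of that field -> value_count
        condition["field"] = counted
    correlation = {
        "type": "value_count" if counted else "event_count",
        "rules": [name],  # refers to the base rule by its name
        "timespan": timespan,
        "condition": condition,
    }
    if m["group"]:
        correlation["group-by"] = [m["group"]]
    return base, {"title": rule["title"] + " (correlation)", "correlation": correlation}

# Constructed sample: a v1 rule as it would look after YAML parsing
V1_RULE = {
    "title": "Many failed logons from one source",
    "logsource": {"product": "windows", "service": "security"},
    "detection": {
        "selection": {"EventID": 4625},
        "timeframe": "5m",
        "condition": "selection | count() by IpAddress > 10",
    },
}

if __name__ == "__main__":
    for doc in split_v1_rule(V1_RULE, "failed_logon"):
        print(doc)
```

Dumping both returned dicts into one multi-document YAML file (separated by `---`) gives the layout the specification shows for a base rule followed by its correlation.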