Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update backend to support Sigma Correlations #124

Open
kelnage opened this issue Jan 5, 2024 · 0 comments
Open

Update backend to support Sigma Correlations #124

kelnage opened this issue Jan 5, 2024 · 0 comments
Labels
backend Related to changes to the query backend enhancement New feature or request

Comments

@kelnage
Copy link
Collaborator

kelnage commented Jan 5, 2024
edited

The latest release of pySigma includes a feature known as Sigma Correlations (documented in the next version of the Sigma specification), which allows Sigma rules to look at a larger number of log events and use them to determine whether to produce an alert or not.

We should be able to achieve most (if not all) of the core Correlations functionality via LogQL's metric queries support.
@kelnage kelnage changed the title Update plugin to support pySigma v0.11.0 and Sigma Correlations Update backend to support pySigma v0.11.0 and Sigma Correlations Jan 5, 2024
@kelnage kelnage added enhancement New feature or request backend Related to changes to the query backend labels Jan 5, 2024
@kelnage kelnage changed the title Update backend to support pySigma v0.11.0 and Sigma Correlations Update backend to support Sigma Correlations Jan 22, 2024
@kelnage kelnage added the epic label Jan 23, 2024
@kelnage kelnage mentioned this issue Feb 6, 2024
Closed
@kelnage kelnage removed the epic label Feb 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backend Related to changes to the query backend enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kelnage