Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / SigmaHQ/pySigma-backend-elasticsearch issues and pull requests
#96 - Improve siem_rule_ndjson postprocessing pipeline in README
Pull Request -
State: closed - Opened by Mat0vu 7 days ago
#95 - Feat: elastalert backend
Pull Request -
State: closed - Opened by kurisukun 9 days ago
- 1 comment
#94 - Add ES|QL siem_rule_ndjson template
Pull Request -
State: closed - Opened by Mat0vu 11 days ago
- 1 comment
#93 - Build(deps-dev): Bump pytest-cov from 5.0.0 to 6.0.0
Pull Request -
State: closed - Opened by dependabot[bot] 15 days ago
Labels: dependencies
#92 - Fix: Added postprocessing pipelines to README
Pull Request -
State: closed - Opened by andurin 16 days ago
#91 - Version Bump
Pull Request -
State: closed - Opened by andurin 16 days ago
#90 - Fix: EQL Double quotation issue
Pull Request -
State: closed - Opened by andurin 16 days ago
#89 - Build(deps): Bump pysigma from 0.11.17 to 0.11.18
Pull Request -
State: closed - Opened by dependabot[bot] 22 days ago
Labels: dependencies
#88 - Fix ES|QL siem_rule_ndjson Detection Rule Import into Kibana
Pull Request -
State: closed - Opened by Mat0vu 26 days ago
- 1 comment
#87 - Build(deps-dev): Bump coverage from 6.5.0 to 7.6.4
Pull Request -
State: closed - Opened by dependabot[bot] 28 days ago
Labels: dependencies
#86 - Build(deps-dev): Bump pytest-cov from 4.1.0 to 5.0.0
Pull Request -
State: closed - Opened by dependabot[bot] 28 days ago
Labels: dependencies
#85 - Build(deps-dev): Bump pytest from 7.4.4 to 8.3.3
Pull Request -
State: closed - Opened by dependabot[bot] 28 days ago
Labels: dependencies
#84 - Build(deps-dev): Bump pylint from 2.17.7 to 3.3.1
Pull Request -
State: closed - Opened by dependabot[bot] 28 days ago
Labels: dependencies
#83 - Update dependabot.yml
Pull Request -
State: closed - Opened by andurin 28 days ago
#82 - Fix: ES|QL correlations AttributeError and field existence
Pull Request -
State: closed - Opened by m4dh4t about 1 month ago
#81 - Index Error at multi rule query postprocess
Issue -
State: closed - Opened by jcordon5 about 1 month ago
#80 - Fix: ES|QL correlations AttributeError and field existence
Pull Request -
State: closed - Opened by m4dh4t about 1 month ago
- 1 comment
#79 - Defines 2 more fields in the Elastic K8S Integration
Pull Request -
State: closed - Opened by LAripping about 1 month ago
- 1 comment
#78 - ESQL: Field existence check has opposite logic
Issue -
State: closed - Opened by rtkmaryang about 2 months ago
#77 - Fix: ES|QL index and metadata states
Pull Request -
State: closed - Opened by m4dh4t 2 months ago
- 1 comment
#76 - ESQL / Correlations: AttributeError when using siem_rule/kibana_ndjson formats
Issue -
State: closed - Opened by 13621 3 months ago
- 4 comments
#75 - Elastalert backend
Issue -
State: closed - Opened by m4dh4t 3 months ago
- 3 comments
Labels: wait for pr
#74 - Installation of 'elasticsearch' backend plugin not working for sigma cli
Issue -
State: closed - Opened by v1p3r0u5 3 months ago
- 2 comments
#73 - [ES|QL] Non-aggregating query
Issue -
State: closed - Opened by 0xFustang 3 months ago
#72 - ES|QL Index list handling
Issue -
State: closed - Opened by WildDogOne 3 months ago
#71 - Regex Escaping for EQL
Issue -
State: open - Opened by WildDogOne 3 months ago
#70 - Elastic Security Informational Severity
Issue -
State: open - Opened by WildDogOne 3 months ago
#69 - Enabling Index selection for SIEM NDJSON Policies
Pull Request -
State: closed - Opened by WildDogOne 3 months ago
#68 - Completes integration of kubernetes pipeline
Pull Request -
State: closed - Opened by LAripping 4 months ago
- 1 comment
#67 - Feat: Add Elastic Security rules and Kibana saved object support for ES|QL
Pull Request -
State: closed - Opened by m4dh4t 4 months ago
- 3 comments
#66 - ES version
Issue -
State: open - Opened by adilraad2001 4 months ago
#65 - [Correlations] ES|QL should perform a unique reduction on indexes
Issue -
State: closed - Opened by sinnwise 5 months ago
#64 - Fix: Feature not supported on fieldref modifier
Pull Request -
State: closed - Opened by andurin 5 months ago
#63 - Update mapping for Imphash
Pull Request -
State: closed - Opened by dfiredit1337 6 months ago
#62 - Processing pipeline must be merged with another one.
Issue -
State: open - Opened by Koirin3224 6 months ago
- 1 comment
#61 - Fix language and type typo for EQL
Pull Request -
State: closed - Opened by webhead404 6 months ago
- 3 comments
#60 - Add escape to all ':' in cidr for ipv6
Pull Request -
State: closed - Opened by gregorywychowaniec-zt 7 months ago
#59 - Convert esql correlation rule fail no attribute get_conversion_states
Issue -
State: closed - Opened by frack113 7 months ago
- 4 comments
#58 - Fix invalid escape sequence
Pull Request -
State: closed - Opened by cospirho 7 months ago
#57 - Wrong network direction values
Issue -
State: open - Opened by cospirho 7 months ago
- 3 comments
#56 - ES|QL backend with correlation support
Pull Request -
State: closed - Opened by thomaspatzke 8 months ago
#55 - Chore update
Pull Request -
State: closed - Opened by frack113 8 months ago
#54 - Escape CIDR IPV6
Pull Request -
State: closed - Opened by frack113 8 months ago
#53 - Escape Cidr IPV6
Pull Request -
State: closed - Opened by frack113 8 months ago
- 2 comments
#52 - ecs_windows mapping skipped
Issue -
State: closed - Opened by tr0mb1r 8 months ago
- 1 comment
#51 - Update Kubernetes Logsource
Pull Request -
State: closed - Opened by nasbench 8 months ago
#50 - Single quote escaping problem in query_string
Issue -
State: closed - Opened by foxalfabravo 9 months ago
- 2 comments
#49 - DSL query support
Issue -
State: open - Opened by balintnadasi 9 months ago
- 7 comments
Labels: enhancement
#48 - IPv6 address causes error in CIDR notation
Issue -
State: closed - Opened by nzedler 9 months ago
- 2 comments
#47 - Add user.name mapping
Pull Request -
State: closed - Opened by defensivedepth 9 months ago
- 1 comment
#45 - Duplicate query when using multiple pipelines
Issue -
State: open - Opened by defensivedepth 10 months ago
- 1 comment
Labels: bug
#44 - build: 📦 Update dependencies to pySigma 0.11
Pull Request -
State: closed - Opened by frack113 10 months ago
- 1 comment
#43 - Fixed issues with query strings containing spaces and/or wildcards for Lucene Backend
Pull Request -
State: closed - Opened by Koen1999 10 months ago
- 3 comments
#42 - Kubernetes pipeline (audit logs)
Pull Request -
State: closed - Opened by LAripping 10 months ago
- 1 comment
#41 - Invalid EQL rule type and language
Issue -
State: closed - Opened by FilipPwn 10 months ago
#40 - feat: add parsing of Mitre Att&ck tags into threat obj
Pull Request -
State: closed - Opened by rkokkelk 11 months ago
#39 - Updates for EQL support
Pull Request -
State: closed - Opened by defensivedepth 11 months ago
#38 - Update poetry
Pull Request -
State: closed - Opened by frack113 11 months ago
#37 - fix: add `elasticsearch` to the allowed backends in the pipeline config
Pull Request -
State: closed - Opened by nasbench about 1 year ago
#36 - Lucene Rule Generation Quotation Mark Issue
Issue -
State: closed - Opened by LucaKuechler about 1 year ago
- 3 comments
#35 - How to close subfields when convert a sigma rule to dsl?
Issue -
State: closed - Opened by leexuan about 1 year ago
- 1 comment
#34 - Solves sigma-cli/issues/29
Pull Request -
State: closed - Opened by deibit about 1 year ago
- 2 comments
#33 - Transform current output formats to postprocessing
Issue -
State: open - Opened by andurin about 1 year ago
- 2 comments
#32 - Eql backend
Pull Request -
State: closed - Opened by thomaspatzke about 1 year ago
- 1 comment
#31 - ecs_windows cannot be used with lucene
Issue -
State: closed - Opened by frack113 about 1 year ago
- 1 comment
#30 - Custom Attributes Problem
Issue -
State: closed - Opened by Yuvijadeja over 1 year ago
- 1 comment
#29 - Converting sigma rule to elasticsearch, double quotation marks are inserted twice.
Issue -
State: closed - Opened by KSHMK over 1 year ago
- 1 comment
#28 - Wildcard format issue
Issue -
State: closed - Opened by eliranDream over 1 year ago
- 4 comments
#27 - Fix handling of angle brackets
Pull Request -
State: closed - Opened by Technici4n over 1 year ago
- 6 comments
#26 - Incorrect conversion of > character in sigma rule for Elastic/ECS Windows type
Issue -
State: closed - Opened by canilc over 1 year ago
- 2 comments
#25 - Fix #24: fix handling of null field conditions
Pull Request -
State: closed - Opened by Technici4n over 1 year ago
- 1 comment
#24 - Bug with `NOT _exists_` query
Issue -
State: closed - Opened by Technici4n over 1 year ago
- 1 comment
#23 - Queries fail for `IP` type
Issue -
State: closed - Opened by cospirho over 1 year ago
- 3 comments
#22 - No support for multi-field mappings
Issue -
State: closed - Opened by cospirho over 1 year ago
- 2 comments
#21 - Missing case-insensitive options
Issue -
State: closed - Opened by cospirho over 1 year ago
- 1 comment
#20 - Support Case Insensitivity + Multi-Fields
Pull Request -
State: closed - Opened by cospirho over 1 year ago
#19 - pySigma can produce invalid `NOT NOT` queries
Issue -
State: closed - Opened by Technici4n over 1 year ago
- 4 comments
Labels: bug
#18 - Fix: Missing formats
Pull Request -
State: closed - Opened by andurin over 1 year ago
#17 - Missing formats in version 1.0.1
Issue -
State: closed - Opened by gal-dd over 1 year ago
- 1 comment
#16 - Update for pysigma 0.9.* ?
Issue -
State: closed - Opened by Asilias over 1 year ago
- 1 comment
#15 - Output formatter - double quotes
Issue -
State: closed - Opened by DoggySmooth almost 2 years ago
- 8 comments
Labels: enhancement
#14 - re incorrectly escape of /
Issue -
State: closed - Opened by gal-dd almost 2 years ago
- 1 comment
#13 - Fixed regular expression escaping
Pull Request -
State: closed - Opened by thomaspatzke almost 2 years ago
#12 - Fixing re double escape issue
Pull Request -
State: closed - Opened by andurin almost 2 years ago
- 1 comment
#11 - Elasticsearch query string Support
Issue -
State: closed - Opened by frack113 almost 2 years ago
#10 - Elasticsearch DSL query Support
Issue -
State: closed - Opened by frack113 almost 2 years ago
#9 - [sigmac] conversion to [elasticsearch] is incorrectly escaped for regex rule
Issue -
State: closed - Opened by canilc almost 2 years ago
- 6 comments
Labels: bug
#8 - Conversion of empty strings in grouped OR expression
Issue -
State: closed - Opened by canilc almost 2 years ago
- 4 comments
Labels: bug
#7 - Kibana - failed import target elasticsearch format kibana_ndjson
Issue -
State: closed - Opened by si-ddb about 2 years ago
- 2 comments
Labels: bug
#6 - Detection field containing '.' is not encapsulated with quotes
Issue -
State: closed - Opened by Yadasko about 2 years ago
- 3 comments
#5 - Fix breaking change 0.8.0
Pull Request -
State: closed - Opened by andurin over 2 years ago
#4 - Added Tests against real elasticsearch Instance
Pull Request -
State: closed - Opened by andurin over 2 years ago
#3 - Ndjson output
Pull Request -
State: closed - Opened by andurin over 2 years ago
#2 - Change ES precedence OR<->AND
Pull Request -
State: closed - Opened by andurin over 2 years ago
- 1 comment
#1 - Added es-dsl output
Pull Request -
State: closed - Opened by andurin over 2 years ago