Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FR: Add correlation rules to the Sigma engine #3831

Open
scudette opened this issue Oct 15, 2024 · 2 comments
Open

FR: Add correlation rules to the Sigma engine #3831

scudette opened this issue Oct 15, 2024 · 2 comments

Comments

@scudette
Copy link
Contributor

A full description of correlations is found here https://open.substack.com/pub/ecapuano/p/atomic-and-stateful-detection-rules
@mgreen27
Copy link
Collaborator

mgreen27 commented Oct 15, 2024
edited
Loading

https://sigmahq.io/docs/meta/correlations.html

Reading the sigma spec - there doesnt look like too many options for stateful process detections that we can do in vql wrt heirarchy

@joeavanzato
Copy link

Just a +1 on this feature - I think this would be a great addition to help support writing scalable logic in Sigma format and applying it to arbitrary artifacts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@scudette @mgreen27 @joeavanzato