Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Be able to customize output for correlation rules #1445

Open
YamatoSecurity opened this issue Oct 14, 2024 · 0 comments
Open

Be able to customize output for correlation rules #1445

YamatoSecurity opened this issue Oct 14, 2024 · 0 comments
Labels
enhancement New feature or request under-investigation under investigation to develop
Milestone
3.1

Comments

@YamatoSecurity
Copy link
Collaborator

Right now the output in correlation rules is limited to the fields that are used for filtering.
It would be nice to be able to 1. add new fields to see their output and 2. be able to rename the field names in order to use the same convention as the other rules. (like the details field)

As this is not part of the sigma specification, I need to think about the best way to configure this.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request under-investigation under investigation to develop
Projects
None yet
Milestone
3.1
Development

No branches or pull requests
1 participant
@YamatoSecurity