Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Transform current output formats to postprocessing #33

Open
andurin opened this issue Oct 8, 2023 · 2 comments
Open

Transform current output formats to postprocessing #33

andurin opened this issue Oct 8, 2023 · 2 comments
Assignees
@andurin

Comments

@andurin
Copy link
Collaborator

andurin commented Oct 8, 2023

The pySigma (>=0.10.0) post-processing feature allows a much more dynamic way to create different output formats.

ES Backend should be rewritten including the current output formats as templates.
@andurin andurin self-assigned this Oct 8, 2023
@andurin andurin mentioned this issue Oct 8, 2023
Merged
@Lucaazel
Copy link

Does this mean we can have many detection types (other types than query), such as new_terms or threshold?

@thomaspatzke
Copy link
Member

It depends what detection type means. If it embeds a Lucene or EQL query that is already generated by the backend then this is possible. If that are independent query languages then they have to be implemented as custom backend.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andurin andurin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@andurin @thomaspatzke @Lucaazel