GitHub - IBM/pySigma_QRadar_base: QRadar backend and pipelines as submodule for...

 1 year ago
source link: https://github.com/IBM/pySigma_QRadar_base
PySigma QRadar

This is the QRadar backend submodule for pySigma QRadar AQL.

Backend

  • QRadarBackend: provides the base backend for pySigma QRadar AQL.

Pipelines

  • QRadar_fields_pipeline: supports only the Sigma fields that appear in the field mapping.

  • QRadar_payload_pipeline: falls back to a payload search for fields that are not in the field mapping.

    The payload search does not support the following value types:

    • Boolean
    • Regular Expression
    • Numeric Comparison

License

pySigma_QRadar_base is licensed under the MIT License.

About

QRadar backend and pipelines as submodule for pySigma-backend-QRadar-AQL and pySigma-backend-QRadar-KQL
