add selection flag for backward compatibility

tools/sigma/backends/sql.py

@@ -46,7 +46,10 @@ class SQLBackend(SingleTextQueryBackend):
     options = SingleTextQueryBackend.options + (
         ("table", "eventlog", "Use this option to specify table name.", None),
         ("select", "*", "Use this option to specify fields you want to select. Example: \"--backend-option select=xxx,yyy\"", None),
+        ("selection", False, "Use this option to enable fields selection from Sigma rules.", None),
     )
+
+    selection_enabled = False
     
 
     def __init__(self, sigmaconfig, options):
@@ -62,6 +65,9 @@ class SQLBackend(SingleTextQueryBackend):
         else:
             self.select_fields = list()
 
+        if "selection" in options:
+            self.selection_enabled = True
+
     def generateANDNode(self, node):
         generated = [ self.generateNode(val) for val in node ]
         filtered = [ g for g in generated if g is not None ]
@@ -162,13 +168,19 @@ class SQLBackend(SingleTextQueryBackend):
         # Then add fields specified in the backend configuration
         fields.extend(self.select_fields)
 
+        # In case select is specified in backend option, we want to enable selection
+        if len(self.select_fields) > 0:
+            self.selection_enabled = True
+
         # Finally, in case fields is empty, add the default value
         if not fields:
             fields = list("*")
 
         for parsed in sigmaparser.condparsed:
-            #query = self.generateQuery(parsed)
-            query = self._generateQueryWithFields(parsed, fields)
+            if self.selection_enabled:
+                query = self._generateQueryWithFields(parsed, fields)
+            else:
+                query = self.generateQuery(parsed)
             before = self.generateBefore(parsed)
             after = self.generateAfter(parsed)