Merge pull request #1477 from wagga40/master

Resolves #1450 - Bug in es-rule backend when using "-r" argument
2024-11-06 01:15:17 +00:00 · 2021-05-14 09:00:30 +02:00 · 2021-05-14 09:00:30 +02:00 · 691283616f
commit 691283616f
parent bd81adc998 534898a3ce
1 changed files with 2 additions and 0 deletions
--- a/tools/sigma/backends/elasticsearch.py
+++ b/tools/sigma/backends/elasticsearch.py
@ -1381,6 +1381,8 @@ class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend):
            rule.update({"threshold": self.rule_threshold})
        if references:
            rule.update({"references": references})
+        self.rule_type = "query"
+        self.rule_threshold = {}
        return json.dumps(rule)

 class KibanaNdjsonBackend(ElasticsearchQuerystringBackend, MultiRuleOutputMixin):