valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Backend es-dsl tolerates rules without title and log source

Browse Source
This commit is contained in:
Thomas Patzke 2019-04-25 22:41:31 +02:00
parent 16bf5eef0f
commit cfb4f32651
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
tools/sigma/backends/elasticsearch.py
View File

@ -111,10 +111,14 @@ class ElasticsearchDSLBackend(RulenameCommentMixin, ElasticsearchWildcardHandlin
def generate(self, sigmaparser):
"""Method is called for each sigma rule and receives the parsed rule (SigmaParser)"""
self.title = sigmaparser.parsedyaml["title"]
self.indices = sigmaparser.get_logsource().index
if len(self.indices) == 0:
self.title = sigmaparser.parsedyaml.setdefault("title", "")
logsource = sigmaparser.get_logsource()
if logsource is None:
self.indices = None
else:
self.indices = logsource.index
if len(self.indices) == 0:
self.indices = None
try:
self.interval = sigmaparser.parsedyaml['detection']['timeframe']