fix(sigma): update broken schema url #4098
Merged
This PR fixes the Sigma schema introduced in #3455. The schema referenced in that PR has since been renamed and updated, and additional schemas now exist (correlation [meta] rules and global filters).
This PR is limited to updating the Sigma rule schema to the current link, as well as clarifying the name and description to avoid ambiguity in the presence of multiple schemas in the SigmaHQ/sigma-specification repo.
I'm not sure whether it would be feasible to implement matching for the other Sigma schemas. Maybe someone more knowledgeable could chime in, but I'm presently unaware of any standard file naming convention that could reliably differentiate between Sigma-associated file subtypes. For now, my goal is to fix the existing Sigma detection rule schema present in SchemaStore.