Aggregations in rules #14976
Unanswered
GyciakasGh0st
asked this question in
Ideas
Replies: 1 comment
-
Think you are asking for correlations, that is currently not supported in SO. It is something the devs are aware of and will need to look at.
-
We can find the way to do aggregations in Sigma rules. For example, count events per 5 minutes and other types of aggregations.

In playbook it is possible:
Or are we just not finding the documentation? And if it is not yet possible to do that, do you have plans for it?