

Merge pull request SigmaHQ#1561 from frack113/es_rule_add_more_tag
Add support for multiple custom tags (issue SigmaHQ#1560)
Neo23x0 authored Jun 25, 2021
2 parents 2ad6401 + 1f2c93a commit abe353d
Showing 1 changed file with 7 additions and 2 deletions.
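--- a/tools/sigma/backends/elasticsearch.py
+++ b/tools/sigma/backends/elasticsearch.py
@@ -1341,7 +1341,7 @@ class ElasticSearchRuleBackend(object):
         ("convert_to_url", False, "Want to convert to a URL ?", None),
         ("path_to_replace", "../", "The local path to replace with dest_base_url", None),
         ("dest_base_url", "https://github.com/SigmaHQ/sigma/tree/master/", "The URL prefix", None),
-        ("custom_tag", None , "Add a custom tag", None),
+        ("custom_tag", None , "Add custom tag. for multi split with a comma tag1,tag2 ", None),
     )
     default_rule_type = "query"
 
@@ -1499,7 +1499,12 @@ def create_rule(self, configs, index):
                 tactics_list.append(tact)
 
         if self.custom_tag:
-            new_tags.append(self.custom_tag)
+            if ',' in self.custom_tag:
+                tag_split = self.custom_tag.split(",")
+                for l_tag in tag_split:
+                    new_tags.append(l_tag)
+            else:
+                new_tags.append(self.custom_tag)
 
         threat = self.create_threat_description(tactics_list=tactics_list, techniques_list=technics_list)
         rule_name = configs.get("title", "").lower()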
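Review bot: The new split branch in create_rule passes each piece of `self.custom_tag` through unstripped, so a value like `tag1, tag2` or `tag1,` emits a tag with a leading space or an empty-string tag into the generated rule's tags list. Since `str.split(",")` already returns a one-element list when no comma is present, the `if ',' in` / `else` pair is also redundant; both issues go away with `new_tags.extend(t.strip() for t in self.custom_tag.split(",") if t.strip())` in place of the six added lines. The help text added in the first hunk, `"Add custom tag. for multi split with a comma tag1,tag2 "`, carries a trailing space and reads awkwardly; `"Add a custom tag; separate multiple tags with a comma (tag1,tag2)"` says the same more clearly. The body of create_rule starts and ends outside this hunk.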

