How to use Sigma correlations
alexpwns opened this issue · 7 comments
I was reading through the wiki and noticed this line, "Aggregations in the condition are deprecated and will be replaced with Sigma correlations.", but can't seem to find any additional information on how to use Sigma correlations. Is there any additional info on Sigma correlations?
Any update on what is going on with Correlations? The provisional spec is approaching two years old... will it ever be mainline?
Some already get value apparently: https://blog.sekoia.io/improving-threat-detection-with-sigma-correlations/
Should this be closed? Correlations seems to not be marked provisional anymore
So, did they get rid of the idea behind correlations? I haven't seen a working example still. Tried creating my own, similar to the blog article, but I just get an error when sigma can't find a detection section in the rule. Then if I add one, a condition is needed, and when I do that, I just get three distinct rules and no actual correlation.
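For readers hitting the same "no detection section" error described above, here is the layout the Sigma correlation specification uses: the base rule keeps the `logsource`/`detection` block, while the correlation rule has no `detection` at all and instead carries a `correlation` block that references the base rule by `name`. This is an added example for this thread, not a rule from the Sigma project's rule set or from the commenter; the titles, the `name`, the field names and the threshold are constructed for illustration.

```yaml
# Base rule: an ordinary Sigma detection rule. The optional `name`
# field is what the correlation rule below refers to.
title: Failed Logon (example base rule)
name: example_failed_logon          # constructed reference name
status: experimental
logsource:
    product: windows
    service: security
detection:
    selection:
        EventID: 4625               # Windows failed logon
    condition: selection
level: informational
---
# Correlation rule: a separate YAML document in the same file.
# It deliberately has NO logsource/detection/condition block;
# the `correlation` key replaces them.
title: Many Failed Logons for One Account (example correlation)
status: experimental
correlation:
    type: event_count               # count matches of the referenced rule(s)
    rules:
        - example_failed_logon      # name (or id) of the base rule above
    group-by:
        - TargetUserName            # one counter per account
    timespan: 5m                    # sliding window for the count
    condition:
        gte: 10                     # fire at 10 or more events in the window
level: high
```

Putting both documents in one file separated by `---` lets a converter resolve the reference; a correlation rule saved alone, with a `detection` block bolted on, is what produces the "separate rules, no correlation" result the comment describes.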
Information on correlation can be found in the following locations: