General
First release of pysigma-pipeline-rclinuxedr.
Pipeline
- Pipeline uses RC Linux EDR field names
- Pipeline only supports the `linux` product type
- Pipeline supports the following category types for field mappings:
  - `process_creation`
  - `network_connection`
  - `firewall`
- Pipeline supports the following fields:
  - `CommandLine`
  - `CurrentDirectory`
  - `DestinationHostname`
  - `DestinationIp`
  - `DestinationgIsIPv6`
  - `DestinationPort`
  - `DstIP`
  - `DstPort`
  - `Initiated`
  - `IpAddress`
  - `ParentImage`
  - `ParentImagePath`
  - `ParentProcessId`
  - `ProcessId`
  - `Protocol`
  - `SrcIp`
  - `SrcPort`
  - `SourceHostname`
  - `SourceIp`
  - `SourceIsIPv6`
  - `SourcePort`
  - `User`
  - `dst_host`
  - `dst_ip`
  - `dst_port`
  - `md5`
  - `sha256`
  - `src_host`
  - `src_ip`
  - `src_port`
- Any unsupported fields or categories will raise errors during rule conversion