Merge pull request #324 from Mat0vu/eql-correlation

Prepare Pysigma for EQL Correlations
SigmaHQ · Feb 17, 2025 · 03dcaac · 03dcaac
2 parents c443ca4 + 4bdbd3b
commit 03dcaac
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/sigma/conversion/base.py b/sigma/conversion/base.py
@@ -1837,6 +1837,7 @@ def convert_correlation_rule_from_template(
             template[method].format(
                 search=search,
                 typing=self.convert_correlation_typing(rule),
+                timespan=self.convert_timespan(rule.timespan, method),
                 aggregate=self.convert_correlation_aggregation_from_template(
                     rule, correlation_type, method, search
                 ),