Merge pull request #325 from Mat0vu/eql-correlation

Prepare for EQL Correlations
SigmaHQ · Feb 20, 2025 · f9d2f18 · f9d2f18
2 parents 03dcaac + f34dc07
commit f9d2f18
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/sigma/conversion/base.py b/sigma/conversion/base.py
@@ -1844,6 +1844,9 @@ def convert_correlation_rule_from_template(
                 condition=self.convert_correlation_condition_from_template(
                     rule.condition, rule.rules, correlation_type, method
                 ),
+                groupby=self.convert_correlation_aggregation_groupby_from_template(
+                    rule.group_by, method
+                ),
             )
         ]