Sigma "keywords" rules and Auditbeat

Çağlar Arlı

I've recently begun using Auditbeat for capturing and streaming audit logs from my Linux machine.

I browsed the main rules repository, and noticed that many rules rely on the keywords feature of Sigma (e.g. this rule). However, I'm unable to use it with Auditbeat.

Is this possible? Do you have any recommendations on how this could be done?