Eql backend (SigmaHQ#32)

* Renamed current lucene backend * Tests: Refactored connect test to support xpack.security * Rename tests to lucene tests * Feature: Elasticsearch EQL Backend * Nocover for overriden function * Fix typo * Fix override * Tests: Import backends directly * Removed imports Thanks to the autoloader * Support for case sensitiveness --------- Co-authored-by: Hendrik <[email protected]>
cospirho · Nov 14, 2023 · 71dcd04 · 71dcd04
1 parent e753803
commit 71dcd04
Show file tree

Hide file tree

Showing 9 changed files with 1,621 additions and 48 deletions.
diff --git a/sigma/backends/elasticsearch/__init__.py b/sigma/backends/elasticsearch/__init__.py
@@ -1,5 +0,0 @@
-from .elasticsearch import LuceneBackend
-
-backends = {
-    "elasticsearch": LuceneBackend,
-}

diff --git a/sigma/backends/elasticsearch/elasticsearch_eql.py b/sigma/backends/elasticsearch/elasticsearch_eql.py
diff --git a/...a/backends/elasticsearch/elasticsearch.py → ...nds/elasticsearch/elasticsearch_lucene.py b/...a/backends/elasticsearch/elasticsearch.py → ...nds/elasticsearch/elasticsearch_lucene.py