add group_by to correlation template translation

SigmaHQ · Feb 18, 2025 · f34dc07 · f34dc07
1 parent 03dcaac
commit f34dc07
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/sigma/conversion/base.py b/sigma/conversion/base.py
@@ -1844,6 +1844,9 @@ def convert_correlation_rule_from_template(
                 condition=self.convert_correlation_condition_from_template(
                     rule.condition, rule.rules, correlation_type, method
                 ),
+                groupby=self.convert_correlation_aggregation_groupby_from_template(
+                    rule.group_by, method
+                ),
             )
         ]