From f34dc070dca6c487316de09d9bffe65d033d04e9 Mon Sep 17 00:00:00 2001
From: Mat0vu <73690594+Mat0vu@users.noreply.github.com>
Date: Tue, 18 Feb 2025 11:59:25 +0100
Subject: [PATCH] add group_by to correlation template translation

---
 sigma/conversion/base.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sigma/conversion/base.py b/sigma/conversion/base.py
index 32c618c..523e1af 100644
--- a/sigma/conversion/base.py
+++ b/sigma/conversion/base.py
@@ -1844,6 +1844,9 @@ def convert_correlation_rule_from_template(
                 condition=self.convert_correlation_condition_from_template(
                     rule.condition, rule.rules, correlation_type, method
                 ),
+                groupby=self.convert_correlation_aggregation_groupby_from_template(
+                    rule.group_by, method
+                ),
             )
         ]