Hi,
Does anybody have a good pipeline to transform Sigma (https://sigmahq.io/) detection rules to Elastic Security (Defend)? There were some reasonably good examples for the old sigmac converter, but I haven't found any for pySigma. There is a built-in pipeline (ecs_windows) that suits the Windows integration (the winlogbeat use case), but it does not work well with the Defend integration or for other non-Windows endpoints.
I'm working on a Python script to automate rule updates on new Sigma releases, and it kind of works well, but there are some issues with the field mappings.
Best regards
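Added example (not the poster's script and not pySigma itself): a small stand-alone reimplementation of the field-mapping step that a pySigma processing pipeline performs (a field-mapping transformation plus a logsource condition), targeting the ECS fields that Elastic Defend endpoint process events carry. The Sigma-to-ECS table, the `event.category:process and event.type:start` prefix, the sample rule and the KQL escaping are all assumptions made for the example; check them against your own index mapping before relying on them.

```python
"""Minimal Sigma -> KQL conversion with an Elastic Defend (ECS) field map.

This is an added example, not pySigma: it mirrors what a pySigma
ProcessingPipeline does with FieldMappingTransformation and a logsource
condition, so the mapping itself can be tested offline.
"""
import re

# Sigma process_creation fields -> ECS fields produced by Elastic Defend
# endpoint process events (assumed; verify against your index mapping).
DEFEND_PROCESS_FIELDS = {
    "Image": "process.executable",
    "CommandLine": "process.command_line",
    "ParentImage": "process.parent.executable",
    "ParentCommandLine": "process.parent.command_line",
    "OriginalFileName": "process.pe.original_file_name",
    "CurrentDirectory": "process.working_directory",
    "User": "user.name",
    "ProcessId": "process.pid",
    "ParentProcessId": "process.parent.pid",
}

# Logsource -> KQL prefix replacing the Windows event-ID style selection that
# ecs_windows emits. Defend tags process creation as event.type:start (assumed),
# which is why the same prefix serves Windows, Linux and macOS here.
LOGSOURCE_PREFIX = {
    (product, "process_creation"): "event.category:process and event.type:start"
    for product in ("windows", "linux", "macos")
}

# Characters that must be escaped in an unquoted KQL value; '*' is left alone
# so Sigma wildcards stay wildcards.
_KQL_SPECIAL = re.compile(r'([\\":()\s])')


def kql_value(value, modifiers):
    """Escape one Sigma value for KQL and apply contains/startswith/endswith."""
    text = _KQL_SPECIAL.sub(r"\\\1", str(value))
    if "contains" in modifiers:
        return f"*{text}*"
    if "startswith" in modifiers:
        return f"{text}*"
    if "endswith" in modifiers:
        return f"*{text}"
    return text


def convert_selection(selection, field_map):
    """Map every 'Field|modifier' key of a Sigma selection to an ECS clause."""
    clauses = []
    for key, raw in selection.items():
        field, *mods = key.split("|")
        modifiers = set(mods)
        if field not in field_map:
            # Failing loudly is the point: an unmapped field silently produces a
            # query that matches nothing in Defend data.
            raise KeyError(f"no ECS mapping for Sigma field {field!r}")
        values = raw if isinstance(raw, list) else [raw]
        terms = [f"{field_map[field]}:{kql_value(v, modifiers)}" for v in values]
        joiner = " and " if "all" in modifiers else " or "
        clauses.append("(" + joiner.join(terms) + ")" if len(terms) > 1 else terms[0])
    return " and ".join(clauses)


def convert_rule(rule, field_map=DEFEND_PROCESS_FIELDS):
    """Convert a parsed Sigma rule (dict) to a KQL query for Defend events.

    Handles conditions built from selection names with and/or/not; the
    '1 of selection*' forms are deliberately out of scope for this example.
    """
    ls = rule["logsource"]
    key = (ls.get("product"), ls.get("category"))
    if key not in LOGSOURCE_PREFIX:
        raise ValueError(f"unsupported logsource {key}")
    det = rule["detection"]
    names = []

    def expand(match):
        name = match.group(0)
        if name in ("and", "or", "not"):
            return name
        names.append(name)
        return "(" + convert_selection(det[name], field_map) + ")"

    body = re.sub(r"[A-Za-z_][A-Za-z0-9_]*", expand, det["condition"])
    if len(names) > 1:  # keep 'a or b' from binding looser than the prefix
        body = f"({body})"
    return f"{LOGSOURCE_PREFIX[key]} and {body}"


# Constructed sample rule (already parsed, so no YAML dependency is needed).
EXAMPLE_RULE = {
    "title": "certutil download (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\certutil.exe",
            "CommandLine|contains|all": ["-urlcache", "http"],
        },
        "condition": "selection",
    },
}

if __name__ == "__main__":
    print(convert_rule(EXAMPLE_RULE))
```

In a real pipeline the same table goes into a pySigma `FieldMappingTransformation` guarded by a `LogsourceCondition`, and the raise on an unmapped field is what you want to keep: the ecs_windows pipeline's Windows-only names are exactly the ones that fall through to a non-matching query on Defend data.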