rulesA list of sigma rules to compile.list of string (required)
log_sourcesA log source object as obtained from the sigma_log_sources() VQL function.Any (required)
field_mappingA dict containing a mapping between a rule field name and a VQL Lambda to get the value of the field from the event.ordereddict.Dict
debugIf enabled we emit all match objects with description of what would match.bool
rule_filterIf specified we use this callback to filter the rules for inclusion.Lambda
default_detailsIf specified we use this callback to determine a details column if the sigma rule does not specify it.Lambda


Evaluate sigma rules.