Merge pull request #15974 from Security-Onion-Solutions/jertel/wip

es|ql defaults
Merge pull request #15978 from Security-Onion-Solutions/reyesj2-patch-1
2026-06-16 23:30:42 +02:00 · 2026-06-16 14:27:54 -04:00 · 2026-06-16 11:17:56 -05:00 · 2026-06-15 12:33:08 -04:00
2 changed files with 6 additions and 0 deletions
@@ -1464,6 +1464,7 @@ soc:
          sigmaRulePackages:
            - core
            - emerging_threats_addon
+          useEsql: false
        elastic:
          hostUrl:
          remoteHostUrls: []
@@ -383,6 +383,11 @@ soc:
            global: True
            advanced: False
            helpLink: sigma
+          useEsql:
+            description: "(Pre-release) Use Elasticsearch Piped Query Language (ES|QL) instead of EQL (Elastic Query Language) for Elasticsearch queries. The Sigma converter will output ES|QL instead of EQL, allowing support for correlations."
+            global: True
+            advanced: True
+            forcedType: bool
        elastic:
          index:
            description: Comma-separated list of indices or index patterns (wildcard "*" supported) that SOC will search for records.
Author	SHA1	Message	Date
Jason Ertel	aa58225e8f	Merge pull request #15974 from Security-Onion-Solutions/jertel/wip es\|ql defaults	2026-06-16 14:27:54 -04:00
Jorge Reyes	acf48db915	Merge pull request #15978 from Security-Onion-Solutions/reyesj2-patch-1 remove pillar merge	2026-06-16 11:17:56 -05:00
Jason Ertel	ae1ddf3817	es\|ql defaults	2026-06-15 12:33:08 -04:00