From cc13a5e3de187f9a69c7e7fe3280e57f909b9fc1 Mon Sep 17 00:00:00 2001
From: wagga40 <6437862+wagga40@users.noreply.github.com>
Date: Sun, 2 May 2021 14:39:41 +0200
Subject: [PATCH] Add a backend option to specify table name for SQL Backend
---
 tools/sigma/backends/sql.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/tools/sigma/backends/sql.py b/tools/sigma/backends/sql.py
index bd734bfa6..077de1bbc 100644
--- a/tools/sigma/backends/sql.py
+++ b/tools/sigma/backends/sql.py
@@ -43,9 +43,16 @@ class SQLBackend(SingleTextQueryBackend):
 mapListValueExpression = "%s OR %s" # Syntax for field/value condititons where map value is a list
 mapLength = "(%s %s)"
- def __init__(self, sigmaconfig, table):
+ options = SingleTextQueryBackend.options + (
+ ("table", False, "Use this option to specify table name, default is \"eventlog\"", None),
+ )
+
+ def __init__(self, sigmaconfig, options):
 super().__init__(sigmaconfig)
- self.table = table
+ if "table" in options:
+ self.table = options["table"]
+ else:
+ self.table = "eventlog"
 def generateANDNode(self, node):
 generated = [ self.generateNode(val) for val in node ]
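Review bot: In the new `__init__`, `options["table"]` is stored in `self.table` without any validation, and because this backend emits SQL text the value presumably ends up verbatim in the generated query (the code that uses `self.table` is outside the hunk). A value that is not a plain identifier would change the shape of every query produced, which matters wherever the output is executed automatically; rejecting it up front is cheap, e.g. `if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_.]*", self.table): raise ValueError("invalid table name")` (needs `import re` at the top of the file). Separately, the option tuple declares the default as `False` while the help text and the `else` branch both use `"eventlog"`, and `options` is not forwarded to `super().__init__`, so it is worth confirming the base class does not expect it. The signature change from `table` to `options` would also break any subclass or caller outside this hunk that still passes a table name positionally.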