add datadog backend structure

2021-11-23 11:08:27 -05:00
parent 653950e456
commit c2b91c58d9
1 changed files with 13 additions and 0 deletions
@@ -0,0 +1,13 @@
+from sigma.backends.base import SingleTextQueryBackend
+
+
+class DatadogBackend(SingleTextQueryBackend):
+    identifier = "datadog"  # TODO: more specific?
+    active = True
+    config_required = False
+
+    andToken = " AND "
+    orToken = " OR "
+    notToken = "-"
+    subExpression = "(%s)"
+    mapExpression = "%s:%s"