You can now use the Sigma Correlations format when creating rules!

This will allow you to build detection logic acting on more than one event using the following correlation types:

• Event Count: count the number of events matching some conditions
• Value Count: count the number of unique values in a field for events matching some conditions
• Temporal: look at a sequence of events occuring in the specified timeframe, optionally in order

⚡Just like any Sigma rule, Sigma Correlation rules are applied to the event stream in real-time.

Here is an example of a rule using Sigma Correlations:

If you want to learn more, have a look at the documentation