I was wondering if there are some missing/broken when-conditions in the following example (pipeline rules):
In the rule sysmon threatintel is only the when-condition:
And in the rule sysmon threatintel inflate is only the when-condition:
Also, after the pipeline rules there are those sentences:
The rules will now need to be added to a new Pipeline. We will name it Windows-Sysmon. In this Pipeline, we will have the following Stages containing rules: Please note, due to the amount of messages produced by sysmon, you should enable the delivery to Graylog in batches so that you are able to scale and size the environment.
It looks like the stages and their descriptions are also missing there, right?