Keep OpenSearch Security Plugin SIGMA rules up to date.
As a security analyst and operator,
I want to utilise up-to-date SIGMA rules in the OpenSearch Security Plugin, so that I can utilise current contributions from the opensource community.
For example - at the time of writing this - the Okta rules in the Security Plugin repo (main branch) have not been updated since February 2023, with 13 rules available, while the SIGMA repo (master branch) Okta rules were last updated in December 2023, with 21 rules available, notably including rules based on the high-profile Okta breach in 2023.
This can be observed across many rule categories, with the result that Security Analytics is generally very out of date.
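One way to measure the drift the request describes, as an added example that is not part of the original issue or of either project: compare a checkout of the SigmaHQ rules with the copy vendored in security-analytics by rule `id` and last-change date. The rule texts, ids and dates below are constructed samples; in practice the two lists would be read from the rule directories of the two repositories.

```python
import re
from datetime import date

# Sigma rules are YAML, but the fields this check needs (id, date, modified)
# are top-level scalars, so a small line parser avoids a YAML dependency.
_FIELD = re.compile(r"^(id|title|date|modified):\s*(.+?)\s*$")


def parse_rule(text):
    """Extract the top-level id/title/date/modified fields of one Sigma rule."""
    fields = {}
    for line in text.splitlines():
        m = _FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2).strip("'\"")
    return fields


def last_change(rule):
    """Sigma records creation in 'date' and the last update in 'modified' (YYYY/MM/DD)."""
    raw = rule.get("modified") or rule.get("date")
    return date(*map(int, raw.split("/"))) if raw else date.min


def compare_rulesets(upstream_texts, vendored_texts):
    """Return (missing, stale): upstream ids absent from the vendored copy, and
    ids present in both whose upstream version was changed more recently."""
    up = {r["id"]: r for r in map(parse_rule, upstream_texts)}
    down = {r["id"]: r for r in map(parse_rule, vendored_texts)}
    missing = sorted(i for i in up if i not in down)
    stale = sorted(i for i in up if i in down and last_change(up[i]) > last_change(down[i]))
    return missing, stale


# Constructed sample rules: ids, titles and dates are placeholders, not real SigmaHQ rules.
UPSTREAM_RULES = [
    "title: Okta Sample Rule A\nid: 00000000-0000-4000-8000-000000000001\ndate: 2023/02/10\nlogsource:\n    product: okta\n",
    "title: Okta Sample Rule B\nid: 00000000-0000-4000-8000-000000000002\ndate: 2023/02/10\nmodified: 2023/12/01\nlogsource:\n    product: okta\n",
    "title: Okta Sample Rule C\nid: 00000000-0000-4000-8000-000000000003\ndate: 2023/11/05\nlogsource:\n    product: okta\n",
]
VENDORED_RULES = [
    "title: Okta Sample Rule A\nid: 00000000-0000-4000-8000-000000000001\ndate: 2023/02/10\nlogsource:\n    product: okta\n",
    "title: Okta Sample Rule B\nid: 00000000-0000-4000-8000-000000000002\ndate: 2023/02/10\nlogsource:\n    product: okta\n",
]

if __name__ == "__main__":
    missing, stale = compare_rulesets(UPSTREAM_RULES, VENDORED_RULES)
    print("missing from vendored copy:", missing)
    print("stale in vendored copy:", stale)
```

Running the check on a schedule against fresh checkouts of both repositories turns the "generally very out of date" observation into a concrete list of rule ids to import or refresh.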
-
Hi, I forwarded this request to the upstream project https://github.com/opensearch-project/security-analytics/issues/838 and I will be tracking the progress there.