Added plugin metadata to/for pipelines

Author: thomaspatzke

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "pysigma-backend-splunk"
-version = "1.0.1"
+version = "1.0.2"
 description = "pySigma Splunk backend"
 authors = ["Thomas Patzke <[email protected]>"]
 license = "LGPL-2.1-only"

sigma/pipelines/splunk/__init__.py

@@ -1 +1,7 @@
-from .splunk import splunk_windows_pipeline, splunk_windows_sysmon_acceleration_keywords, splunk_cim_data_model
+from .splunk import splunk_windows_pipeline, splunk_windows_sysmon_acceleration_keywords, splunk_cim_data_model
+
+pipelines = {
+    "splunk_windows": splunk_windows_pipeline,
+    "splunk_sysmon_acceleration": splunk_windows_sysmon_acceleration_keywords,
+    "splunk_cim": splunk_cim_data_model,
+}

sigma/pipelines/splunk/splunk.py

@@ -54,6 +54,7 @@
 def splunk_windows_pipeline():
     return ProcessingPipeline(
         name="Splunk Windows log source conditions",
+        allowed_backends={"splunk"},
         priority=20,
         items=generate_windows_logsource_items("source", "WinEventLog:{source}") + [
             ProcessingItem(     # Field mappings
@@ -68,6 +69,7 @@ def splunk_windows_pipeline():
 def splunk_windows_sysmon_acceleration_keywords():
     return ProcessingPipeline(
         name="Splunk Windows Sysmon search acceleration keywords",
+        allowed_backends={"splunk"},
         priority=25,
         items=[
             ProcessingItem(     # Some optimizations searching for characteristic keyword for specific log sources
@@ -90,6 +92,7 @@ def splunk_windows_sysmon_acceleration_keywords():
 def splunk_cim_data_model():
     return ProcessingPipeline(
         name="Splunk CIM Data Model Mapping",
+        allowed_backends={"splunk"},
         priority=20,
         items=[
             ProcessingItem(