Improve doc concerning similarity strategy with sigma correlation rule

SEKOIA-IO · Feb 12, 2024 · 66244a5 · 66244a5
1 parent cb7e328
commit 66244a5
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/docs/xdr/features/detect/rules_catalog.md b/docs/xdr/features/detect/rules_catalog.md
@@ -175,6 +175,10 @@ You can select these event fields in your rule configuration. To do so, click on
 
 In addition to that, these event fields can be added to the `Swappable fields`. A typical example of that is  `source.ip` and `destination.ip`.
 
+!!! warning
+    Custom similarity strategy are not supported with Sigma Correlation rules.
+    Fields used in the `group-by` clause of the pattern will be used as similarity strategy.
+
 !!! note
     You can learn more about similarity strategies in this [section](../../investigate/alerts/#similarity-strategies).