Detections- Unable to add a Sigma rule receive a 400 error

[Huntanalyst]

We are using Security Onion version 2.4.6, When trying to upload custom Sigma rules under Detections, we receive a 400 error. When trying to convert Sigma rules we receive a 500 error.

[defensivedepth]

Please provide the technical detail that is outlined here: #1720

[Huntanalyst]

Security Onion version as seen in the lower left corner of SOC and in /etc/soversion. 2.4.70.
Is this a cloud deployment or on-prem? If on-prem, do you have Internet access or this an airgap installation? On-prem, with access to the internet.
Did you install from our Security Onion ISO image or did you perform a network installation? ISO image
If network installation, what distro and version did you install on? N/A
How many nodes do you have? 1
What are the hardware specs of each of those nodes? N/A
How are each of those nodes configured? (ex. manager with 2 search nodes and 3 forward nodes) Standalone
Are you experiencing issues monitoring network traffic? If so, are you sniffing from a tap or span port and what is the traffic volume? No
Does so-status show all services running? Yes
Do you get any failures when you run sudo salt-call state.highstate? No
Does the SOC Grid page show any failures? No
Explain your issue. When attempting to add a custom Sigma detection under the detection tab. We are receiving the following error message "Request failed with status code 400. See the Help section of the Security Onion documentation for additional troubleshooting guidance. The Hunt interface may contain additional log messages to further diagnose the issue."

[defensivedepth]

2.4.80 was released yesterday and has a number of fixes for Detections. I would suggest upgrading and seeing if that fixes the issue.

As part of this release, there are new Detection templates. I would suggest editing the Sigma template so that you know you have the correct syntax.