delete investigation_fields fom esql backend

SigmaHQ · Oct 25, 2024 · 8e1f505 · 8e1f505
1 parent 1881953
commit 8e1f505
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/sigma/backends/elasticsearch/elasticsearch_esql.py b/sigma/backends/elasticsearch/elasticsearch_esql.py
@@ -503,7 +503,6 @@ def finalize_query_siem_rule_ndjson(
             "meta": {
                 "from": "1m",
             },
-            "investigation_fields": {},
             "author": [rule.author] if rule.author is not None else [],
             "false_positives": rule.falsepositives,
             "from": f"now-{self.schedule_interval}{self.schedule_interval_unit}",