
Conversion of Folder to AQL Fails #13

Open
blUeBUg200 opened this issue May 15, 2023 · 0 comments

@blUeBUg200

Hi Team,

I am trying to convert a directory containing Sigma rules to AQL, which is not happening. Either I am missing something (and I couldn't find any examples) or bulk operations are not supported as of now.

Command1: sigma convert -t qradar 2023_RedCanary_ThreatDetectionReport/

Error:

Parsing Sigma rules [####################################] 100%
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.11/bin/sigma", line 8, in <module>
sys.exit(main())
^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/sigma/cli/main.py", line 17, in main
cli()
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/click/core.py", line 1130, in __call__
return self.main(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/click/core.py", line 1055, in main
rv = self.invoke(ctx)
^^^^^^^^^^^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/click/core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/click/core.py", line 760, in invoke
return __callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/sigma/cli/convert.py", line 192, in convert
result = backend.convert(rule_collection, format)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/sigma/conversion/base.py", line 96, in convert
queries = [
^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/sigma/conversion/base.py", line 99, in <listcomp>
for query in self.convert_rule(rule, output_format or self.default_format)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/sigma/conversion/base.py", line 112, in convert_rule
processing_pipeline.apply(rule) # 1. Apply transformations
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/sigma/processing/pipeline.py", line 263, in apply
applied = item.apply(self, rule)
^^^^^^^^^^^^^^^^^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/sigma/processing/pipeline.py", line 146, in apply
self.transformation.apply(pipeline, rule)
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/sigma/processing/transformations.py", line 78, in apply
for detection in rule.detection.detections.values():
^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'detections' (while applying processing pipeline on rule /Users/kaviarasana/Github/Sigma-Rules/2023_RedCanary_ThreatDetectionReport/technique_ingress_tool_transfer_bitsadmin_download.yml)

Command2: sigma convert -t qradar -p qradar_windows 2023_RedCanary_ThreatDetectionReport/

Error:

Parsing Sigma rules [####################################] 100%
Error while conversion: The QRadar savedsearches Sigma backend supports only the following fields for process_creation log source

Any help is appreciated.
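Added example, not part of this issue and not sigma-cli or pySigma code: the first traceback aborts the whole folder run because `rule.detection` is `None` for one file, so the pipeline has nothing to transform. A pre-flight scan that lists files in a folder lacking the top-level Sigma sections (`title`, `logsource`, `detection`) lets you fix or exclude them before running `sigma convert` on the directory. It is an assumption that an incomplete rule file (or a non-rule YAML file sitting in the same folder) is what produced that error here; the sample files below are constructed, not taken from the Red Canary repository, and the script deliberately uses a simple line-based scan of column-0 keys so it needs no YAML library.

```python
"""Pre-flight scan of a Sigma rule folder before a bulk `sigma convert`.

Added example (not sigma-cli/pySigma code). Assumption: a file without a
top-level `detection:` section (or a non-rule YAML file in the folder) is
one way to end up with rule.detection being None during pipeline
application; this script reports such files up front.
"""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Top-level sections a Sigma rule needs before a backend can convert it.
REQUIRED_KEYS = ("title", "logsource", "detection")

# A top-level YAML mapping key starts in column 0: `name:` or `name: value`.
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*:")


def top_level_keys(text: str) -> set[str]:
    """Return the set of column-0 mapping keys found in a YAML document."""
    keys: set[str] = set()
    for line in text.splitlines():
        if line.startswith("#") or not line.strip():
            continue  # comments and blank lines carry no keys
        match = TOP_LEVEL_KEY.match(line)
        if match:
            keys.add(match.group(1))
    return keys


def missing_keys(text: str) -> list[str]:
    """Required Sigma sections absent from this rule text, in canonical order."""
    present = top_level_keys(text)
    return [key for key in REQUIRED_KEYS if key not in present]


def scan_directory(folder: Path) -> dict[str, list[str]]:
    """Map each incomplete .yml/.yaml file (path relative to folder) to its missing keys."""
    report: dict[str, list[str]] = {}
    for path in sorted(folder.rglob("*")):
        if path.suffix.lower() not in (".yml", ".yaml"):
            continue
        missing = missing_keys(path.read_text(encoding="utf-8"))
        if missing:
            report[str(path.relative_to(folder))] = missing
    return report


# Constructed sample files standing in for a rule folder (not real repository content).
SAMPLE_FILES = {
    "good_rule.yml": """\
title: BITSAdmin download (constructed example)
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        Image|endswith: '\\bitsadmin.exe'
        CommandLine|contains: 'download'
    condition: selection
""",
    "no_detection.yml": """\
title: Fragment without a detection section (constructed example)
logsource:
    category: process_creation
    product: windows
""",
    "notes.yml": """\
# A non-rule YAML file that happens to live in the same folder.
description: housekeeping notes, not a Sigma rule
""",
}


def run_demo() -> dict[str, list[str]]:
    """Write the constructed samples to a temporary folder and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        for name, text in SAMPLE_FILES.items():
            (folder / name).write_text(text, encoding="utf-8")
        return scan_directory(folder)


if __name__ == "__main__":
    # Point scan_directory() at a real folder (e.g. Path("2023_RedCanary_ThreatDetectionReport"))
    # to list the files to fix or exclude before running `sigma convert` on the directory.
    for name, missing in run_demo().items():
        print(f"{name}: missing {', '.join(missing)}")
```

Run it against the actual folder and either repair the flagged files or pass `sigma convert` only the rule files that pass the scan. The scan is intentionally shallow: it catches a missing section, not a malformed one, so a file with a `detection:` block that is itself invalid still needs `sigma check` to surface the problem.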
