From bd58575a578eb289f0e4e8f368b97013eaee1bb3 Mon Sep 17 00:00:00 2001
From: Mathieu LE CLEACH <mathieu.lecleach@cert.europa.eu>
Date: Tue, 12 Nov 2024 11:45:13 +0100
Subject: [PATCH] fix: entity mapping issues for Sigma

---
 src/droid/platforms/sentinel.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/droid/platforms/sentinel.py b/src/droid/platforms/sentinel.py
index 2c57b4c..0362170 100644
--- a/src/droid/platforms/sentinel.py
+++ b/src/droid/platforms/sentinel.py
@@ -422,12 +422,14 @@ def create_rule(self, rule_content, rule_converted, rule_file):
             enabled = True
 
         # Handling the entities
-        entity_mappings = []
         if rule_content.get('custom', {}).get('entity_mappings'):
+            entity_mappings = []
             for mapping in rule_content['custom']['entity_mappings']:
                 field_mappings = [FieldMapping(identifier=field['identifier'], column_name=field['column_name'])
                                     for field in mapping['field_mappings']]
                 entity_mappings.append(EntityMapping(entity_type=mapping['entity_type'], field_mappings=field_mappings))
+        else:
+            entity_mappings = None
 
         # Handling the severity
         if rule_content['level'] == 'critical':