CaseSensitive turns off the default Sigma behaviour that string operations are by default case-insensitive This can increase performance (especially for larger events) by skipping expensive calls to strings.ToLower.

ForRules compiles a set of rule evaluators which are evaluated together allowing for use of more efficient string matching algorithms.

LazyEvaluation allows the evaluator to skip evaluating searches if they won't affect the overall match result.

GroupedByValues contains the fields that uniquely identify a distinct aggregation statistic.

Event should be some form a map[string]interface{} or map[string]string.