Henrik Wittemeier
Feature Request: First of all: I really like your work! A great thing would be to see on which release the Device is running. Maybe by showing Device *** 3...
## Description
Hi, I'm trying to write a Go signature in which I need the HTTPRequest Header Data of the Event net_packet_http_request. I found the function GetProtoHTTPByName(eventObj, "http_proto") that works...
I tried to use RemoveFieldTransformation to remove a field from a sigma rule:

Rule:
```
[...]
detection:
    selection:
        record_type: 'TXT'
        answer|contains:
            - 'IEX'
            - 'Invoke-Expression'
            - 'cmd.exe'
    condition: selection
```
...