
Implementing NOT operation as `!=`

Open thomaspatzke opened this issue 2 years ago • 0 comments

Discussed in https://github.com/SigmaHQ/pySigma/discussions/80

Originally posted by barvhaim December 6, 2022

Hello, I am migrating the STIX backend to pySigma. In order to translate rules that include not x, we don't have NOT (x) in the language, but we have to modify the eq expression to use != instead of =:

```yaml
sel:
    fieldA: valueA
    fieldB: valueB
```

So in the case of `sel`, I expect `fieldA = 'valueA' AND fieldB = 'valueB'`, and in the case of `not sel`, I expect `fieldA != 'valueA' OR fieldB != 'valueB'`

(and the other way around with OR cases)

How do you recommend doing such a translation?

We do control the nodes in the Sigmac version (https://github.com/SigmaHQ/sigma/blob/8fa8a7355141b525f5764ad5ff86caf6afc641c7/tools/sigma/backends/stix.py#L143), but I wonder what would be the best way to implement that in the new pySigma.

thomaspatzke, Mar 31 '23 08:03
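The rewrite asked about above is a De Morgan push-down: NOT is carried down the condition tree, swapping AND with OR on the way and flipping `=` to `!=` at the leaves. The following is an added example, not code from the post, from sigmac or from pySigma; the classes `Eq`, `And`, `Or`, `Not` and the functions `push_not`, `render` and `translate` are hypothetical names, and the backslash escaping of quotes is an assumption about the target language.

```python
from dataclasses import dataclass
from typing import Tuple, Union

# Hypothetical mini condition tree; these are NOT pySigma's own classes.
@dataclass(frozen=True)
class Eq:
    field: str
    value: str
    negated: bool = False  # True renders as != instead of =

@dataclass(frozen=True)
class And:
    args: Tuple["Node", ...]

@dataclass(frozen=True)
class Or:
    args: Tuple["Node", ...]

@dataclass(frozen=True)
class Not:
    arg: "Node"

Node = Union[Eq, And, Or, Not]

def push_not(node: Node, negate: bool = False) -> Node:
    """Return an equivalent tree without Not nodes (De Morgan push-down)."""
    if isinstance(node, Not):
        return push_not(node.arg, not negate)  # double negation cancels out
    if isinstance(node, Eq):
        return Eq(node.field, node.value, node.negated != negate)
    # Under negation AND becomes OR and OR becomes AND.
    flipped = (Or if isinstance(node, And) else And) if negate else type(node)
    return flipped(tuple(push_not(a, negate) for a in node.args))

def render(node: Node, nested: bool = False) -> str:
    """Render a Not-free tree for a language that has no NOT operator."""
    if isinstance(node, Not):
        raise ValueError("call push_not() before render()")
    if isinstance(node, Eq):
        # Assumed escaping rule: backslash-escape backslashes and quotes.
        escaped = node.value.replace("\\", "\\\\").replace("'", "\\'")
        return f"{node.field} {'!=' if node.negated else '='} '{escaped}'"
    joiner = " AND " if isinstance(node, And) else " OR "
    text = joiner.join(render(a, nested=True) for a in node.args)
    return f"({text})" if nested else text  # parenthesise nested groups

def translate(node: Node) -> str:
    return render(push_not(node))

# Constructed sample mirroring the `sel` selection in the post.
sel = And((Eq("fieldA", "valueA"), Eq("fieldB", "valueB")))
```

In many query languages `field != value` and a negated `field = value` treat events that lack the field differently, so the target language's semantics for missing fields should be checked before relying on this rewrite in a detection rule.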