frack113
Hello, https://github.com/SigmaHQ/sigma-specification/blob/main/wip/Sigma_Correlations.md
Hi, can you use the term `LOLBIN`? This allows standardizing the rules and facilitates comprehension for a rookie. `DLL Side-loading` in title and description should be...
Hi, @securepeacock, any update?
Hi, the docker should only be done at each [Releases](https://github.com/SigmaHQ/sigma/releases).
It is something like `query: '*.*.*.*.fastly.net'`. It is more an IOC for this C2 than a generic detection.
Hi, the modifier `re` checks if it is a valid regex and gives it to the backend. Not every backend can handle regex. Some have their own way to deal with...
Currently it is the **backend** that manages the regex. So the way `es-qs` manages it is a full match because **Elastic** is full match. Test in Kibana - Event.Image:/.*\\.exe/ OK -...
I found [this](https://github.com/OTRF/OSSEM/blob/master/docs/dd/guidelines/authoring_data_dictionaries.md). But I think the `intro.md` is a better choice.
Hi, I have tried it as a POC on https://github.com/frack113/MetaRuleBazar. No test, no review, only the curiosity: is it hard to convert old rules?
Hello, as `'` doesn't need to be escaped in Lucene, I tried to update my template ```yaml index: {{ index() }} filter: - query: query_string: query: {% if "'" in...