maederm

Results 9 comments of maederm

I believe the `reEscape` in [ElasticsearchEQLBackend](https://github.com/SigmaHQ/sigma/blob/master/tools/sigma/backends/elasticsearch.py#L425) is not implemented correctly as it doesn't handle the [special case](https://github.com/SigmaHQ/sigma/issues/229#issuecomment-456197887) of `\*`. When using the regex below it handles the wildcard in the...

> A way can be to have 2 modifiers:
>
> * |re (no change)
> * |re_in ( backend add `.*` or what it is need to work)...

@fichtner: I don't currently see an automatic null route for the delegated IPv6 prefix with 22.7.9.

@fichtner I just tested the patch and rebooted. There is no null route installed for my prefix.

This prints my prefix (redacted)

```
# ifctl -p6 -i igb0
2a02:dead:beef::/48
```

[EDIT] Also the patch seems to be applied, as I see the route add command on line...

> So this would add the null route?

Yes, it does.

```
# ifctl -p6 -i igb0 -da 2a02:dead:beef::/48
route: route has not been found
delete net 2a02:dead:beef::/48 fib 0:...
```

Well, I now tested it again with another reboot and this time the route was installed.

@fichtner Thanks, I just verified again and couldn't reproduce the instability. Instead of `route add -${AF} ${CONTENT} ::1` I would do `route add -${AF} ${CONTENT} ::1 -blackhole`. Without using `-blackhole`...

> A way can be to have 2 modifiers:
>
> * |re (no change)
> * |re_in ( backend add `.*` or what it is need to work)...