markuskont
markuskont
Following rule is not parsed correctly. It becomes a `keyword` rule, rather than `selection`. Correct behavior would be to fail while parsing this rule, as selection object works on key-value...
Main readme needs to be updated. It's still the original one I wrote when we published a paper. But the project has seen some development since then. So it has...
This is a research issue for major development. Initial research into this project went entirely into building individual rules themselves and making matching work. Ruleset as a whole was a...
Since the project reorganization was merged, we can now introduce `tests//` folder with sigma rules and testing logs, rather than having to entirely rely on embedded test cases already present....
While researching this topic, I read the official Sigma project python code a lot to figure out my own implementation. They apply some rule tree optimizations that I intentionally left...
See: https://github.com/markuskont/go-sigma-rule-engine/issues/6#issuecomment-1078766502 It seems to me that I made too many constructors. This can be confusing when trying to implement new features, as contributors might be unsure what is needed...
With go 1.18 introducing generics, we should investigate if they could be used to clean up some type switches that were needed to deal with arbitrary types defined in Sigma...