phantinuss
Thanks for the feedback, I will have an update for the rule shortly. See PR #206
Same issue. Manually setting lightgbm to 3.3.0 fixed the issue for me. New package installations of stringsifter will have this issue. If not fixed, lightgbm could at least be pinned...
I think this will trigger on very many possible paths. `/home/$USER/.cache/...` `.vpython-root` `.venv` `.git/hooks/...` `.local/bin/` `.config` directory has some scripts in it. That's just from a quick find/grep on my...
1. --> the specification states id as optional. They are mandatory in the SigmaHQ rules repository, though. There are other optional fields (e.g. status) that are mandatory if you want...
I am against New_Value as it collides with the field names that are defined as attributes of XML Tags in WinEventLog (e.g. Provider_Name). IIRC NewValue (stripping of whitespace) was introduced...
Should be resolved by now. If not, please reopen the issue.
This is not the full alert message. Can you provide the full events including the match-strings? Do the rules match reproducibly? The match is in-memory on the process. Maybe some...
I'd like to add the possibility to have multiple input folders for Sigma rules. The repo is structured so that we use multiple folders (rules, rules-emerging-threats, rules-threat-hunting). By default we...
Or maybe the `/` is the character which has to be escaped?
As you can see in the screenshot of the first post it is an issue, documented or not. And the solution to escape `/` will work at least in all...