Xiaokui Shu
Xiaokui Shu
@AcousticCh Great! I updated the issue to give you more information and starter links. @charliewutw will guide you if needed.
Good task to upgrade `FIND`. We can choose to expose the 1st degree relation of `process--x-oca-event` and `x-oca-event--file`, or not to expose it for this issue. - If not, the...
I test `stix2matcher` and it has the same behavior. I think this occurs since any string needs to escape `\` to be `\\`, so regex needs to have `\` be...
@MaxwellDPS I think you find another issue, related. After some digging, I realize the issue I posted here is actually a design, not a bug. One can think the value...
Add _raw string_ support in Kestrel to resolve the four baskslash issue https://github.com/opencybersecurityalliance/kestrel-lang/pull/329 . However, the `'` in string bug found by @MaxwellDPS is not fixed.
I think so, not sure what is the standard STIX pattern way of saying "field is not null".
Very good problem description, @vereimyst ! Now you are 1/3 down the road---a full procedure of solving a problem has three phases: describing/formalizing the problem, figuring out a solution, and...
Some information to explain: ``` 16:26:17 DEBUG kestrel.session standard auto-complete 16:26:17 DEBUG kestrel.session exception: [ERROR] KestrelSyntaxError: invalid token "" at line 1 column 12, expects "ATTRIBUTES" ``` This actually triggers...
@pcoccoli how about adding an API in firepit to simplify the implementation of auto-complete of dotted attributes (so no need to explicitly use `JOIN`) ? ``` def list_ref_columns(base_type:str, ref_name:str) ->...
I did a test to re-execute the auto-completion case you created (you can run it in the python venv where `kestrel-lang` is installed): ``` #/usr/bin/env python import logging from kestrel.session...