doc: update supported-modifier.py
fukusuket committed Nov 25, 2024
1 parent b504bf5 commit c8676fd
Showing 2 changed files with 3 additions and 1 deletion.
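--- a/doc/SupportedSigmaFieldModifiers.md
+++ b/doc/SupportedSigmaFieldModifiers.md
@@ -15,7 +15,9 @@
 | equalsfield | 0 | 0 |
 | exists | 0 | 0 |
 | fieldref | 1 | 1 |
+| fieldrefǀcontains | 0 | 0 |
 | fieldrefǀendswith | 0 | 2 |
+| fieldrefǀstartswith | 0 | 0 |
 | gt | 0 | 0 |
 | gte | 0 | 0 |
 | lt | 0 | 0 |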
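--- a/scripts/supported_modifiers_check/supported-modifier.py
+++ b/scripts/supported_modifiers_check/supported-modifier.py
@@ -64,7 +64,7 @@ def get_yml_detection_counts(dir_path: str) -> (Counter, Counter):
 sigma_modifiers = [
 'all', 'startswith', 'endswith', 'contains', 'exists', 'cased', 'windash', 're', 're|i', 're|m', 're|s',
 'base64', 'base64offset', 'utf16le|base64offset|contains', 'utf16be|base64offset|contains', 'utf16|base64offset|contains', 'wide|base64offset|contains',
-'lt', 'lte', 'gt', 'gte', 'cidr', 'expand', 'fieldref', 'fieldref|endswith', 'equalsfield', 'endswithfield'
+'lt', 'lte', 'gt', 'gte', 'cidr', 'expand', 'fieldref', 'fieldref|startswith', 'fieldref|contains','fieldref|endswith', 'equalsfield', 'endswithfield'
 ]
 sigma_correlations = [
 "value_count", "value_count (with group-by)", "event_count", "event_count (with group-by)",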
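Review bot: The changed line in `sigma_modifiers` drops the space after the comma in `'fieldref|contains','fieldref|endswith'`, unlike every other item in the list; write `'fieldref|startswith', 'fieldref|contains', 'fieldref|endswith',` instead. The list is a hand-maintained allowlist of modifier chains, and the hunk does not show what happens to a chain that occurs in rules but is missing here. If such chains are left out of the counts, the generated table could hide rules that rely on an unsupported modifier. A comment above the list would make the maintenance step explicit, for example `# Modifier chains reported in doc/SupportedSigmaFieldModifiers.md; add a chain here when the rule parser gains support for it.` The hunk header names `get_yml_detection_counts`, whose body is not in view.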
