nasbench
commented
1 year ago Hey @aureliosccpovoa and thanks for reporting this issue.
We identified this over the weekend and a fix is already merged. See https://github.com/SigmaHQ/sigma/pull/4526
Please give some time to be pushed and you should be able to update the signatures and the problem will be resolved.
Thanks once again for reporting and feel free to re-open the issue if it persists.
Hi,
I'm getting an error message about the compilation of a Sigma rule, as follows:
AURORA: Error MODULE: Sigma MESSAGE: Could not compile rule ERROR: syntax error in selection_ip_3 element of rule Obfuscated IP Download Activity: error parsing regexp: invalid or unsupported Perl syntax:
(?!FILE: public\windows\process_creation\proc_creation_win_susp_obfuscated_ip_download.yml ID: cb5a2333-56cf-4562-8fcb-22ba1bca728d TITLE: Obfuscated IP Download ActivitySeems to be a problem with the lines 37, 39, 41 and 45, that have the '(?!' symbols. When these lines are commented, the agent runs normally.