Cyb3rWard0g
commented
2 years ago Thank you very much @frack113 ! :)
Closed frack113 closed 2 years ago
Cyb3rWard0g
commented
2 years ago Thank you very much @frack113 ! :)
Cyb3rWard0g
commented
2 years ago Hello @neu5ron ! Would you mind sharing your thoughts on this? I believe it was done this way for a reason? Is this part of the pipeline that you have not merged yet? Whenever you have some time 🙏🏾 thank you !
frack113
commented
2 years ago Hi,
for sigma rule, I have check rdp.yml that have the field name in name with "." .
Cyb3rWard0g
commented
2 years ago Thank you @frack113 !
neu5ron
commented
2 years ago looks ok, sometimes zeek is output to nest as _ or .'s doesn't really matter. LGTM
When check sigma rule find a diff ("_" rather than "."). Fix name according to the reference https://docs.zeek.org/en/v4.1.1/logs/x509.html Some field name are not in the reference.