Closed fukusuket closed 10 months ago
@YamatoSecurity I think it would be better to modify logsource_mapping.py so that it does not convert rules with the following modifiers that are not currently supported. What do you think?🤔
@fukusuket I think that is a good idea.
Thank you for checking! I'll try implementing it💪
@fukusuket Thanks so much!
Describe the bug
The recently updated rules below seem to have field modifiers that are not supported by Hayabusa🤔
https://github.com/Yamato-Security/hayabusa-rules/blob/7bdca9b56863aafd83a0e14a293d8800380ae87d/sigma/builtin/placeholder/security/win_security_exploit_cve_2020_1472.yml#L23-L25
https://github.com/Yamato-Security/hayabusa-rules/blob/7bdca9b56863aafd83a0e14a293d8800380ae87d/sigma/builtin/placeholder/security/win_security_potential_pass_the_hash.yml#L24-L31
It was a correct modifier according to the Sigma rule specifications. https://sigmahq.io/docs/basics/modifiers.html#expand
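One way to implement the check proposed in this thread, as an added example (not code from logsource_mapping.py or the hayabusa-rules repository): walk a parsed Sigma `detection` section and report field keys that carry an unsupported modifier, so the converter can skip the rule. It assumes only `expand` is unsupported, since that is the one modifier the issue names; the function names, sample rules, field names and placeholder values are constructed for illustration.

```python
# Added example: hypothetical helper names, not the project's own code.
# Assumption: `expand` is the only unsupported modifier (the one the issue names).
UNSUPPORTED_MODIFIERS = {"expand"}


def find_unsupported_modifiers(detection):
    """Return sorted (selection, field_key, modifier) tuples for a Sigma detection section."""
    hits = set()

    def walk(selection, node):
        if isinstance(node, dict):
            for key, value in node.items():
                # A Sigma field key has the form Field|modifier1|modifier2
                _field, *modifiers = str(key).split("|")
                for mod in modifiers:
                    if mod in UNSUPPORTED_MODIFIERS:
                        hits.add((selection, str(key), mod))
                walk(selection, value)
        elif isinstance(node, list):
            # A selection may be a list of field maps (OR-ed together)
            for item in node:
                walk(selection, item)

    for name, body in detection.items():
        if name != "condition":  # the condition string holds no field keys
            walk(name, body)
    return sorted(hits)


def should_convert(rule):
    """True when the rule has no unsupported modifier and can be converted."""
    return not find_unsupported_modifiers(rule.get("detection", {}))


# Constructed sample rules (already parsed from YAML into dicts).
RULE_WITH_EXPAND = {
    "title": "constructed rule using placeholders",
    "detection": {
        "selection": {"EventID": 4624, "ComputerName|expand": "%ExampleHosts%"},
        "filter": [
            {"IpAddress|startswith": "10."},
            {"WorkstationName|expand": "%ExampleWorkstations%"},
        ],
        "condition": "selection and not filter",
    },
}
RULE_PLAIN = {
    "title": "constructed rule without placeholders",
    "detection": {
        "selection": {"EventID": 4624, "LogonType|contains|all": ["9"]},
        "condition": "selection",
    },
}
```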