Yamato-Security / hayabusa

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
GNU Affero General Public License v3.0

Support `fieldref` modifier #1409

Closed YamatoSecurity closed 2 months ago

YamatoSecurity commented 2 months ago

The `fieldref` modifier in Sigma v2 is the same as our `equalsfield` modifier. If we change this modifier name in the next version and update our rule that uses `equalsfield` to instead use `fieldref`, then users of 2.17.0 will get a parsing error when they update rules. In order to avoid this, I want to add `|fieldref:` modifier support that does the same thing as `|equalsfield:` but still keep the ability to use the old `|equalsfield:` modifier. Then we can update the Hayabusa rule to use `fieldref` instead about a month after releasing the new version, to allow users time to update.
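To make concrete what the two spellings of the modifier do and what "accept both" means for rule parsing, here is an added, stand-alone Rust example written for this page; it is not Hayabusa's code and does not mirror its rule engine. It parses a Sigma-style selection key such as `TargetUserName|fieldref: SubjectUserName`, treats `fieldref` and `equalsfield` as aliases, rejects any other modifier, and evaluates the condition over constructed sample events. The event field names are modelled on Security 4624 but the events are made up, and the comparison is exact (case-sensitive), which is an assumption of this example rather than Hayabusa's documented behaviour.

```rust
use std::collections::HashMap;

/// One event's fields (constructed sample data, not real log output).
type Event<'a> = HashMap<&'a str, &'a str>;

/// A parsed selection condition: compare `field` against the value of `ref_field`.
#[derive(Debug, PartialEq)]
pub struct FieldRefCond {
    pub field: String,
    pub ref_field: String,
}

/// Parse a Sigma-style selection key/value such as
/// `"TargetUserName|fieldref": "SubjectUserName"`.
/// Both `fieldref` (Sigma v2) and `equalsfield` (older rules) are accepted
/// and treated identically, so rules written with either spelling keep parsing.
pub fn parse_field_ref(key: &str, value: &str) -> Result<FieldRefCond, String> {
    let (field, modifier) = key
        .split_once('|')
        .ok_or_else(|| format!("key {key:?} has no modifier"))?;
    match modifier {
        "fieldref" | "equalsfield" => Ok(FieldRefCond {
            field: field.to_string(),
            ref_field: value.to_string(),
        }),
        other => Err(format!("unsupported modifier {other:?}")),
    }
}

/// Evaluate the condition against one event: true when both fields exist
/// and hold the same value. Comparison is exact (case-sensitive) here;
/// that is an assumption for this example, not Hayabusa's documented behaviour.
pub fn matches(cond: &FieldRefCond, event: &Event) -> bool {
    match (event.get(cond.field.as_str()), event.get(cond.ref_field.as_str())) {
        (Some(a), Some(b)) => a == b,
        _ => false,
    }
}

/// Run a rule written with either spelling over a set of events and return
/// the EventRecordIDs that matched, so old and new rules can be compared.
pub fn hunt(key: &str, value: &str, events: &[Event]) -> Result<Vec<String>, String> {
    let cond = parse_field_ref(key, value)?;
    Ok(events
        .iter()
        .filter(|e| matches(&cond, e))
        .filter_map(|e| e.get("EventRecordID").map(|id| id.to_string()))
        .collect())
}

/// Constructed sample events modelled on Security 4624 fields (not real logs).
pub fn sample_events() -> Vec<Event<'static>> {
    vec![
        HashMap::from([
            ("EventRecordID", "1"),
            ("SubjectUserName", "alice"),
            ("TargetUserName", "alice"),
        ]),
        HashMap::from([
            ("EventRecordID", "2"),
            ("SubjectUserName", "alice"),
            ("TargetUserName", "svc_backup"),
        ]),
        HashMap::from([
            ("EventRecordID", "3"),
            ("SubjectUserName", "Alice"),
            ("TargetUserName", "alice"),
        ]),
    ]
}

fn main() {
    let events = sample_events();
    // The Sigma v2 spelling and the legacy spelling produce the same hits.
    let new = hunt("TargetUserName|fieldref", "SubjectUserName", &events).unwrap();
    let old = hunt("TargetUserName|equalsfield", "SubjectUserName", &events).unwrap();
    println!("fieldref hits:    {new:?}");
    println!("equalsfield hits: {old:?}");
    assert_eq!(new, old);
    // An unknown modifier is a parse error rather than a silent no-match,
    // which is the failure users of an older binary would hit on a renamed modifier.
    println!("{:?}", hunt("TargetUserName|bogus", "SubjectUserName", &events));
}
```

Keeping the alias table in one place (the `match` in `parse_field_ref`) is what makes the transition plan in the comment cheap: the new spelling can ship first, the bundled rules can switch later, and the old spelling can be dropped in a later release by removing a single match arm.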