bradleyjkemp / sigma-go

A Go implementation and parser for Sigma rules.
MIT License
84 stars, 18 forks

Export a function to obtain actual values from an event field #8

Closed. Rinaldyr closed this 2 years ago.

Rinaldyr commented 2 years ago

As discussed with @bradleyjkemp, this PR consists of two things:

  1. Move a block of code (which extracts field values from an event) in rule.matcherMatchesValues() into a separate, exported function. This will be useful for obtaining field values from individual event payloads.
  2. Add unit tests for the above.
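As an added illustration of what a field-extraction helper of the kind described in this PR has to cope with on real log payloads: this is example code written for this page, not sigma-go's own implementation, and the names `ParseEvent`, `GetFieldValues`, `Contains` and the `SampleEvent` record are assumptions made here. It resolves a dotted Sigma field name against a decoded JSON event, fans out over arrays (Sigma treats a list-valued field as matching when any element matches), returns nothing rather than erroring on absent fields, and then applies a case-insensitive `contains` check to the candidate values.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Event is a decoded JSON log record. With encoding/json, nested objects
// decode to map[string]interface{}, arrays to []interface{}, numbers to float64.
type Event map[string]interface{}

// SampleEvent is a constructed, Sysmon-style process-creation record used only
// to exercise the functions below. It is not real telemetry. (Hash values are
// the well-known digests of empty input, chosen so they look realistic.)
const SampleEvent = `{
  "EventID": 1,
  "Image": "C:\\Windows\\System32\\cmd.exe",
  "CommandLine": "cmd.exe /c whoami",
  "Hashes": ["MD5=d41d8cd98f00b204e9800998ecf8427e",
             "SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"],
  "Parent": {"Image": "C:\\Windows\\explorer.exe"},
  "Ancestors": [{"Image": "services.exe"}, {"Image": "winlogon.exe"}]
}`

// ParseEvent decodes a JSON record into an Event (hypothetical helper).
func ParseEvent(raw string) (Event, error) {
	var ev Event
	if err := json.Unmarshal([]byte(raw), &ev); err != nil {
		return nil, err
	}
	return ev, nil
}

// GetFieldValues (hypothetical name) returns every value reachable at a dotted
// field path such as "Parent.Image". A literal top-level key is tried first so
// that keys which themselves contain dots still resolve. Arrays anywhere on the
// path fan out into one candidate per element. A missing field, or a scalar
// reached before the path is exhausted, yields nil rather than an error, so a
// rule keyed on an absent field simply fails to match.
func GetFieldValues(ev Event, field string) []interface{} {
	m := map[string]interface{}(ev)
	if v, ok := m[field]; ok {
		return walk(v, nil)
	}
	return walk(m, strings.Split(field, "."))
}

func walk(node interface{}, path []string) []interface{} {
	if len(path) == 0 {
		// Leaf reached: a list becomes several candidates, anything else one.
		if list, ok := node.([]interface{}); ok {
			return list
		}
		return []interface{}{node}
	}
	switch v := node.(type) {
	case map[string]interface{}:
		child, ok := v[path[0]]
		if !ok {
			return nil
		}
		return walk(child, path[1:])
	case []interface{}:
		var out []interface{}
		for _, elem := range v {
			out = append(out, walk(elem, path)...)
		}
		return out
	default:
		return nil // scalar hit while path segments remain
	}
}

// Contains reports whether any candidate value contains needle, compared
// case-insensitively as Sigma string matching requires. Non-string values
// (numbers, bools) are rendered with fmt.Sprint before comparison.
func Contains(values []interface{}, needle string) bool {
	needle = strings.ToLower(needle)
	for _, v := range values {
		if strings.Contains(strings.ToLower(fmt.Sprint(v)), needle) {
			return true
		}
	}
	return false
}

func main() {
	ev, err := ParseEvent(SampleEvent)
	if err != nil {
		panic(err)
	}
	for _, f := range []string{"Image", "Parent.Image", "Ancestors.Image", "Hashes", "EventID", "Missing.Field"} {
		fmt.Printf("%-16s -> %v\n", f, GetFieldValues(ev, f))
	}
	fmt.Println("CommandLine |contains 'WHOAMI':", Contains(GetFieldValues(ev, "CommandLine"), "WHOAMI"))
}
```

The separation mirrors the motivation in the PR: once value extraction is its own function, the matching step only ever sees a slice of candidates, so the same modifier logic applies unchanged whether the field was a scalar, a list, or nested under an array of objects.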