Modifiers such as `|endswith` and `|startswith` do not seem to be working.
rule:

```yaml
title: test
id: test
detection:
  selection:
    foo|endswith: "bar"
  condition: selection
```

```sh
echo '{"foo": "foobar"}' | ./go-sigma-rule-engine run --rules-dir rules/
```

The expected result would be a match, but no match is found. The same rule without the modifier and a search value of `foobar` will find a match. A glob pattern in the search value also works, so the search value `*bar` without the `|endswith` modifier works.
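
The modifier behaviour the report expects, as an added Go example that is not part of the original issue and is not go-sigma-rule-engine code. `matchSelection` is a hypothetical helper; it assumes string-valued fields and handles only the `contains`, `startswith` and `endswith` modifiers.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// matchSelection reports whether every "field|modifier" entry of a Sigma-style
// selection matches the JSON event. Hypothetical helper for illustration.
func matchSelection(sel map[string]string, rawEvent string) (bool, error) {
	var event map[string]interface{}
	if err := json.Unmarshal([]byte(rawEvent), &event); err != nil {
		return false, err
	}
	for key, pattern := range sel {
		field, modifier := key, ""
		if i := strings.Index(key, "|"); i >= 0 {
			field, modifier = key[:i], key[i+1:]
		}
		got, ok := event[field].(string)
		if !ok {
			return false, nil // field absent or not a string
		}
		// Sigma compares strings case-insensitively by default.
		got, pattern = strings.ToLower(got), strings.ToLower(pattern)
		var hit bool
		switch modifier {
		case "":
			hit = got == pattern
		case "contains":
			hit = strings.Contains(got, pattern)
		case "startswith":
			hit = strings.HasPrefix(got, pattern)
		case "endswith":
			hit = strings.HasSuffix(got, pattern)
		default:
			return false, fmt.Errorf("unsupported modifier %q", modifier)
		}
		if !hit {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	// Constructed sample: the selection and event from the report above.
	fmt.Println(matchSelection(map[string]string{"foo|endswith": "bar"}, `{"foo": "foobar"}`))
}
```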