Is it possible to get a section in the readme that details what kinds of things are supported by the detection/selection/condition fields? I.e. how much of the SIGMA specification is supported?
I noticed that some rules use |contains or |endswith in their selection fields. Are there other processors that are supported? What isn't allowed?