Many security use cases require searching with case-insensitive strings. One popular example is Sigma, which uses case-insensitive strings by default. We want to enable this in our language, and have a few options for doing so:
- Use a custom literal for case-insensitive comparison, similar to `/pattern/i` for regular expressions.
- Use a custom operator for case-insensitive comparison, e.g., `field ~ "string"`.
- Use a custom field type for case-insensitive string values, e.g., `istring_type`, and make that always compare and index case-insensitively.

### Definition of Done
- [ ] Agree on the approach we want to take
- [ ] Implement the required changes