Feature/sigmarule wildcard regex caseinsensitive#119 (#123)

* under constructing * underconstructing * fix rule file for SIGMA rule. * wildcard case insensetive. * refactor * Update src/detections/rule.rs add test triple backshash Co-authored-by: itiB <is0312vx@ed.ritsumei.ac.jp> * remove unnecessary if statement Co-authored-by: itiB <is0312vx@ed.ritsumei.ac.jp>
2021-07-02 20:19:53 +09:00
parent ea9f6b96c7
commit c13e6da932
7 changed files with 416 additions and 286 deletions
@@ -8,7 +8,7 @@ detection:
    selection:
        Channel: Sysmon
        EventID: 1
-        CommandLine: '.+'
+        CommandLine|re: '.+'
    # condition: selection
 falsepositives:
    - unknown