From 87f919d0bc7193be6dbcee5a6fd44d2af02e70db Mon Sep 17 00:00:00 2001
From: Joshua Roys
Date: Mon, 15 Nov 2021 15:57:46 -0500
Subject: [PATCH] Fix aggregation GE/LE

List longest matches first otherwise they will never match.
---
 tools/sigma/parser/condition.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/sigma/parser/condition.py b/tools/sigma/parser/condition.py
index a4c908cc8..19ac17b15 100644
--- a/tools/sigma/parser/condition.py
+++ b/tools/sigma/parser/condition.py
@@ -113,10 +113,10 @@ class SigmaConditionTokenizer:
 (SigmaConditionToken.TOKEN_NEAR, re.compile("near", re.IGNORECASE)),
 (SigmaConditionToken.TOKEN_BY, re.compile("by", re.IGNORECASE)),
 (SigmaConditionToken.TOKEN_EQ, re.compile("==")),
- (SigmaConditionToken.TOKEN_LT, re.compile("<")),
 (SigmaConditionToken.TOKEN_LTE, re.compile("<=")),
- (SigmaConditionToken.TOKEN_GT, re.compile(">")),
+ (SigmaConditionToken.TOKEN_LT, re.compile("<")),
 (SigmaConditionToken.TOKEN_GTE, re.compile(">=")),
+ (SigmaConditionToken.TOKEN_GT, re.compile(">")),
 (SigmaConditionToken.TOKEN_PIPE, re.compile("\\|")),
 (SigmaConditionToken.TOKEN_AND, re.compile("and", re.IGNORECASE)),
 (SigmaConditionToken.TOKEN_OR, re.compile("or", re.IGNORECASE)),
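Review bot: The first-match-wins dependence on list order is still implicit after the `<`/`<=` and `>`/`>=` entries are swapped, so a later reordering or a new operator sharing a prefix would silently reintroduce the bug; add a comment above the comparison entries such as `# Order matters: first match wins, so <= and >= must precede < and >`. A mis-tokenized threshold operator changes or breaks a detection rule's aggregation condition, so a regression test that tokenizes `>=` and `<=` and asserts `TOKEN_GTE`/`TOKEN_LTE` is worth adding with this fix. The keyword patterns in the same list (`"near"`, `"by"`, `"and"`, `"or"`) are compiled without a word boundary, so they may be exposed to the same prefix shadowing against identifiers, depending on where the identifier pattern sits; that entry is outside this hunk and should be checked. The token list itself begins and ends outside the hunk.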