From 9eed57ee1dca866572eae392a6b995d1df0bbcf1 Mon Sep 17 00:00:00 2001
From: Maxime Lamothe-Brassard
Date: Mon, 11 Nov 2019 14:25:07 -0500
Subject: [PATCH 1/2] Adding the "falsepositives" field to the LC metadata.
---
 tools/sigma/backends/limacharlie.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tools/sigma/backends/limacharlie.py b/tools/sigma/backends/limacharlie.py
index d5682d492..0fbc2dafc 100644
--- a/tools/sigma/backends/limacharlie.py
+++ b/tools/sigma/backends/limacharlie.py
@@ -275,6 +275,9 @@ class LimaCharlieBackend(BaseBackend):
 if ruleConfig.get("author", None) is not None:
 respondComponents[0].setdefault("metadata", {})["author"] = ruleConfig["author"]
 
+ if ruleConfig.get("falsepositives", None) is not None:
+ respondComponents[0].setdefault("metadata", {})["falsepositives"] = ruleConfig["falsepositives"]
+
 # Assemble it all as a single, complete D&R rule.
 return yaml.safe_dump({
 "detect": detectComponent,
From 61bcc46394e63ba1e1a452f1977ab9f58c944f85 Mon Sep 17 00:00:00 2001
From: Maxime Lamothe-Brassard
Date: Mon, 18 Nov 2019 14:50:41 -0500
Subject: [PATCH 2/2] Prettier formatting of YAML.
---
 tools/sigma/backends/limacharlie.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/sigma/backends/limacharlie.py b/tools/sigma/backends/limacharlie.py
index 0fbc2dafc..1bc8be628 100644
--- a/tools/sigma/backends/limacharlie.py
+++ b/tools/sigma/backends/limacharlie.py
@@ -282,7 +282,7 @@ class LimaCharlieBackend(BaseBackend):
 return yaml.safe_dump({
 "detect": detectComponent,
 "respond": respondComponents,
- })
+ }, default_flow_style = False)
 
 def generateQuery(self, parsed):
 # We override the generateQuery function because
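Review bot: The new `falsepositives` branch copies the Sigma value into the respond metadata without normalising its shape, so a rule that declares the field as a single string, or as an empty list, passes the `is not None` check and is emitted as-is, while the Sigma convention is a list of strings; downstream consumers of the D&R metadata would then see the field in differing shapes across rules. Consider `fps = ruleConfig.get("falsepositives")` followed by `metadata["falsepositives"] = fps if isinstance(fps, list) else [fps]`, and hoisting `metadata = respondComponents[0].setdefault("metadata", {})` once so the `author` branch above shares it instead of repeating the `setdefault` lookup. The `.get(key, None)` spelling in both branches is redundant because `dict.get` already defaults to None. Since the result goes through `yaml.safe_dump`, the copied strings are quoted by the emitter and cannot reshape the emitted YAML structure, so the concern is consistency rather than injection. The enclosing method starts before this hunk and continues after it.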
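Review bot: The changed line writes the keyword argument as `default_flow_style = False` with spaces around `=`, which PEP 8 reserves for assignment statements; the call should read `}, default_flow_style=False)`. Block-style output is a sensible choice for a rule file that people read and diff, and `safe_dump` applies the same quoting in either style, so the change is purely presentational. The enclosing method begins before this hunk and `generateQuery` continues past its end.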