security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

manage start end regex

Browse Source
This commit is contained in:
frack113
2021-10-20 21:20:04 +02:00
parent 90bcc61ce3
commit bb758bdb0f
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tools/sigma/backends/elasticsearch.py
+9
View File
@@ -153,6 +153,15 @@ class ElasticsearchWildcardHandlingMixin(object):
elif type(value) == list:
return self.generateMapItemListNode(transformed_fieldname, value)
elif isinstance(value, SigmaTypeModifier):
#On elastic can not use ^ or $ re is full match
if isinstance(value,sigma.parser.modifiers.type.SigmaRegularExpressionModifier):
the_regex = value.value
if the_regex[0]=="^" and the_regex[-1]=="$":
value.value = the_regex[1:-1]
elif the_regex[0]=="^":
value.value = the_regex[1:] if the_regex[-2:] == ".*" else the_regex[1:] + ".*"
elif the_regex[-1]=="$":
value.value = the_regex[:-1] if the_regex[:2] == ".*" else ".*" +the_regex[:-1]
return self.generateMapItemTypedNode(transformed_fieldname, value)
elif value is None:
return self.nullExpression % (transformed_fieldname, )