Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implementing NOT operation as != #108

Closed
thomaspatzke opened this issue Mar 31, 2023 Discussed in #80 · 1 comment
Closed

Implementing NOT operation as != #108

thomaspatzke opened this issue Mar 31, 2023 Discussed in #80 · 1 comment
Labels
enhancement New feature or request

Comments

@thomaspatzke
Copy link
Member

Discussed in #80

Originally posted by barvhaim December 6, 2022
Hello, I am migrating the STIX backend to pySigma, in order to translate rules includes not x, we don't have NOT (x) in the language but we have to modify the eq expression to != instead of =,

sel:
    fieldA: valueA
    fieldB: valueB

so in case of sel, I expect to fieldA = 'valueA' AND fieldB = 'valueB'
and in case of not sel, I expect to fieldA != 'valueA' OR fieldB != 'valueB'

(and the other way around with OR cases)

How do you recommend to do such translation?

we do control the nodes in the Sigmac version (https://github.com/SigmaHQ/sigma/blob/8fa8a7355141b525f5764ad5ff86caf6afc641c7/tools/sigma/backends/stix.py#L143), but wonder what would be the best way to implement that in the new pySigma
@thomaspatzke thomaspatzke added the enhancement New feature or request label Mar 31, 2023
@thomaspatzke
Copy link
Member Author

Implemented by @slincoln-aiq in #301

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@thomaspatzke