title: Modifier test rule
logsource:
    product: windows
    service: security
detection:
    selection:
        field|re: '.*foobar.*'
        encoded|wide|base64: 'This string is Base64 encoded'
        obfuscated|base64offset|contains:
            - 'http://'
            - 'https://'
        allmatch|contains|all:
            - foo
            - bar
            - bla
        end|endswith: test
        start|startswith: test
    condition: selection