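# Sigma rule exercising value modifiers. It carries no logsource, id or level,
# so it reads as a converter/test fixture rather than a deployable detection
# (NOTE(review): inferred from the title and the missing fields - confirm).
title: Modifier test rule
detection:
    selection:
        # |re: the value is treated as a regular expression, not a literal or wildcard string.
        # NOTE(review): the leading/trailing '.*' are usually redundant where the backend
        # does an unanchored regex search, and can be costly on large fields - backend-dependent.
        field|re: '.*foobar.*'
        # |base64: the value is Base64-encoded before matching, so the query looks for
        # the encoded form of this string in the 'encoded' field.
        encoded|base64: 'This string is Base64 encoded'
        # |base64offset|contains: the Base64 form of a substring depends on its byte
        # alignment inside the enclosing data, so this modifier emits the three offset
        # variants for each value. It only makes sense as a substring match, hence |contains.
        # Listed values are alternatives (OR).
        obfuscated|base64offset|contains:
            - 'http://'
            - 'https://'
        # |contains|all: list values are OR-linked by default; |all switches to AND,
        # so the field must contain every one of foo, bar and bla.
        allmatch|contains|all:
            - foo
            - bar
            - bla
    # All four field conditions inside 'selection' must hold together (map entries are AND-linked).
    condition: selection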