Sigma Rule Supported Modifier Update (2024-11-26 07:34:23) (#781)

Co-authored-by: YamatoSecurity <[email protected]>
Yamato-Security · Nov 26, 2024 · 0342ae5 · 0342ae5
1 parent 3de77e8
commit 0342ae5
Showing 1 changed file with 33 additions and 23 deletions.
diff --git a/doc/SupportedSigmaFieldModifiers.md b/doc/SupportedSigmaFieldModifiers.md
@@ -1,26 +1,36 @@
 # Hayabusa supported field modifiers
-| Field Modifier        |   Sigma Count |   Hayabusa Count |
-|:----------------------|--------------:|-----------------:|
-| all                   |            13 |                0 |
-| base64offsetǀcontains |             7 |                0 |
-| cased                 |             0 |                0 |
-| cidr                  |            34 |                0 |
-| contains              |          2764 |               21 |
-| containsǀall          |           977 |                0 |
-| containsǀallǀwindash  |             4 |                0 |
-| containsǀwindash      |            78 |                0 |
-| endswith              |          2915 |              271 |
-| endswithfield         |             0 |                2 |
-| endswithǀwindash      |             2 |                0 |
-| equalsfield           |             0 |                1 |
-| exists                |             0 |                0 |
-| fieldref              |             1 |                0 |
-| fieldrefǀendswith     |             0 |                0 |
-| re                    |           167 |               11 |
-| reǀi                  |             0 |                0 |
-| reǀm                  |             0 |                0 |
-| reǀs                  |             0 |                0 |
-| startswith            |           443 |                6 |
+| Field Modifier                |   Sigma Count |   Hayabusa Count |
+|:------------------------------|--------------:|-----------------:|
+| all                           |            13 |                0 |
+| base64offsetǀcontains         |             7 |                0 |
+| cased                         |             0 |                0 |
+| cidr                          |            34 |                0 |
+| contains                      |          2764 |               21 |
+| containsǀall                  |           977 |                0 |
+| containsǀallǀwindash          |             4 |                0 |
+| containsǀwindash              |            78 |                0 |
+| endswith                      |          2915 |              271 |
+| endswithfield                 |             0 |                0 |
+| endswithǀwindash              |             2 |                0 |
+| equalsfield                   |             0 |                0 |
+| exists                        |             0 |                0 |
+| fieldref                      |             1 |                1 |
+| fieldrefǀcontains             |             0 |                0 |
+| fieldrefǀendswith             |             0 |                2 |
+| fieldrefǀstartswith           |             0 |                0 |
+| gt                            |             0 |                0 |
+| gte                           |             0 |                0 |
+| lt                            |             0 |                0 |
+| lte                           |             0 |                0 |
+| re                            |           167 |               11 |
+| reǀi                          |             0 |                0 |
+| reǀm                          |             0 |                0 |
+| reǀs                          |             0 |                0 |
+| startswith                    |           443 |                6 |
+| utf16beǀbase64offsetǀcontains |             0 |                0 |
+| utf16leǀbase64offsetǀcontains |             0 |                0 |
+| utf16ǀbase64offsetǀcontains   |             0 |                0 |
+| wideǀbase64offsetǀcontains    |             0 |                0 |
 
 # Hayabusa unsupported field modifiers
 | Field Modifier   |   Sigma Count |   Hayabusa Count |
@@ -43,5 +53,5 @@
 | temporal_count (with group-by) |             0 |                0 |
 
 This document is being dynamically updated based on the latest rules.  
-Last Update: 2024/11/25  
+Last Update: 2024/11/26  
 Author: Fukusuke Takahashi