Nate Guagenti
A full taxonomy/schema 🙃 and here we are... life has come full circle. In all seriousness, I think an OSSEM-like taxonomy. Maybe just use it. Regardless of the path,...
So we should keep it at the category level. Thus we can still have specifics of rules that may apply to a specific product/service, but keep the larger category for "all", like Windows...
I like "network flows", just not the name :) unless somebody will be doing byte pattern matching... Just need a category for: 5-tuple, src & dst bytes, src...
And yeah, again I don't like the network category, because in both practice and theory a lot of things can be network and endpoint rules: event 5145 & Zeek/Suricata...
@yugoslavskiy, what do you think of my above comments?
Can you provide the converted rule's query?
Nice. I would recommend tweaking this to be accomplished with just "ends in an integer". A domain never ends in an integer, and so this is a more efficient way.
@0xThiebaut, are you referring to how a domain would look browser-side, where the possibilities are endless? The browser/client side converts it to a reasonable HTTP Host/domain, so browser...
Sounds good, can you CC me if you create an issue? Yeah, (Elasticsearch) Lucene regex is not PCRE 😩
Just to double-check and confirm here, we are talking about the HTTP Host header, correct?
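The "ends in an integer" shortcut, the Lucene-vs-PCRE point and the HTTP Host header question in the comments above are tied together in the following added example. It is not code from the thread or from any project discussed there. It assumes the rule is meant to separate IP-literal Host values from hostnames, and it uses constructed sample Host values, a hypothetical `strip_port` helper, and Lucene's documented regex limits (no `\d`, no `^`/`$`, patterns implicitly anchored to the whole value) to show where the cheap check agrees with a full IPv4 regex and where it does not (IPv6 literals that end in a hex letter).

```python
import re
import ipaddress

# Constructed sample HTTP Host header values for the demo (not taken from the thread).
SAMPLE_HOSTS = [
    "example.com",
    "www.example.com:8443",
    "host1.internal",
    "10.0.0.5",
    "192.168.1.20:8080",
    "[2001:db8::1]:443",
    "2001:db8::abcd",
]


def strip_port(host: str) -> str:
    """Hypothetical helper: drop an optional :port suffix.
    Bracketed IPv6 literals keep their address; unbracketed IPv6 is left alone."""
    if host.startswith("[") and "]" in host:
        return host[1:host.index("]")]
    head, sep, tail = host.rpartition(":")
    # "a:b::c" with no brackets is an IPv6 literal, not host:port
    if sep and tail.isdigit() and ":" not in head:
        return head
    return host


def ends_in_digit(host: str) -> bool:
    """The cheap check from the thread: a hostname's TLD is alphabetic, so a
    Host value whose last character is a digit can only be an IP literal."""
    h = strip_port(host)
    return bool(h) and h[-1].isdigit()


IPV4_RE = re.compile(
    r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$"
)


def is_ipv4_literal(host: str) -> bool:
    """The heavier PCRE-style check the shortcut is meant to replace."""
    return IPV4_RE.match(strip_port(host)) is not None


def is_ip_literal(host: str) -> bool:
    """Ground truth for the comparison: any IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(strip_port(host))
        return True
    except ValueError:
        return False


# Lucene regex (Elasticsearch `regexp` query) has no \d shorthand and no ^/$
# anchors, and every pattern is implicitly anchored to the whole field value,
# so the PCRE idea "\d$" is written as ".*[0-9]" there.
LUCENE_ENDS_IN_DIGIT = ".*[0-9]"


def lucene_fullmatch(pattern: str, value: str) -> bool:
    """Emulate Lucene's whole-value anchoring with re.fullmatch (for this pattern
    subset the syntax is identical)."""
    return re.fullmatch(pattern, value) is not None


def classify(hosts=SAMPLE_HOSTS):
    """Return {host: (ends_in_digit, ipv4_regex, any_ip_literal)} for comparison."""
    return {h: (ends_in_digit(h), is_ipv4_literal(h), is_ip_literal(h)) for h in hosts}


if __name__ == "__main__":
    for h, (digit, v4, ip) in classify().items():
        print(f"{h:22} ends_in_digit={digit!s:5} ipv4_regex={v4!s:5} any_ip={ip}")
```

Two caveats worth checking before converting a rule this way: the shortcut matches the IPv4 regex exactly on these inputs but misses an IPv6 literal ending in a hex letter, and it only works if the indexed field holds the host without its port (otherwise `www.example.com:8443` ends in a digit too), so strip the port at ingest or add a port-aware pattern.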