We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Describe the bug
% stix-shifter translate elastic_ecs query "{}" "[file:x_path MATCHES '(?i)TEMP[a-z]*']" 2023-10-18 13:45:47,325 stix_shifter_modules.elastic_ecs.stix_translation.query_translator INFO Converting STIX2 Pattern to data source query { "queries": [ "(file.path : /[tT][eE][mM][pP][-AZaz]*/ OR dll.path : /[tT][eE][mM][pP][-AZaz]*/) AND (@timestamp:[\"2023-10-18T17:40:47.325Z\" TO \"2023-10-18T17:45:47.325Z\"])" ] }
The section in bracket is not correctly generated. It is a bug in (?i) handling.
(?i)
The [a-z]* should be unfolded as [a-zA-Z]*.
[a-z]*
[a-zA-Z]*
This occurs on stix-shifter 6.2.1 and 6.2.2 when we implemented (?i) for elastic_ecs.
elastic_ecs
The text was updated successfully, but these errors were encountered:
fix opencybersecurityalliance#1605 + more tests
8cd8c5e
Successfully merging a pull request may close this issue.
Describe the bug
The section in bracket is not correctly generated. It is a bug in
(?i)handling.The
[a-z]*should be unfolded as[a-zA-Z]*.This occurs on stix-shifter 6.2.1 and 6.2.2 when we implemented
(?i)forelastic_ecs.The text was updated successfully, but these errors were encountered: