[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Patterning against multiple object types
[I changed the subject to reflect the changing topic] On 7/8/2016 8:06 AM, Kirillov, Ivan A. wrote:
Ah, yes, thanks for mentioning this Trey. I think we’ll want to consider updating the patterning spec so that we can allow for such patterns (i.e., the same field on any Object).
As a more general approach, what about dropping the requirement for an object type altogether? Then you could just do:
body MATCHES /.*evil stuff.*/ You could match against specific types by saying something like: type = 'file-object' AND hashes.sha-256 = 'aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f'For which we could define "syntactic sugar" that makes the original construction equivalent:
file-object:hashes.sha-256 = 'aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f' Greg
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]