Replies: 6 comments 1 reply
-
For me, it's a good idea |
Beta Was this translation helpful? Give feedback.
-
What does "depecied" mean? I haven't heard that word before. |
Beta Was this translation helpful? Give feedback.
-
It is for the rule in "rules-unsupported" or "deprecated" . $ grep -re "65531a81-a694-4e31-ae04-f8ba5bc33759"
deprecated/powershell_suspicious_download.yml:id: 65531a81-a694-4e31-ae04-f8ba5bc33759
powershell/powershell_classic/powershell_classic_suspicious_download.yml: - id: 65531a81-a694-4e31-ae04-f8ba5bc33759
powershell/powershell_module/powershell_suspicious_download_in_contextinfo.yml: - id: 65531a81-a694-4e31-ae04-f8ba5bc33759
powershell/powershell_script/powershell_suspicious_download_in_scriptblocktext.yml: - id: 65531a81-a694-4e31-ae04-f8ba5bc33759 powershell_suspicious_download.yml get a status Can be use for legacy os rule as can not guarantee works on supported os. Term can be |
Beta Was this translation helpful? Give feedback.
-
I'd add We'd have to update the Wiki. https://github.com/SigmaHQ/sigma/wiki/Specification#status-optional The converter would then some day simply skip the rules with that status. |
Beta Was this translation helpful? Give feedback.
-
For the wiki: Declares the status of the rule:
A notice or a spelling correction ? |
Beta Was this translation helpful? Give feedback.
-
Resolved |
Beta Was this translation helpful? Give feedback.
-
while discussing with my colleague about the rules of deprecated, he got the idea of a new
depecied
status.It allows an easier management of the rules to be taken.
Maybe add the "not status" filter too.
Beta Was this translation helpful? Give feedback.
All reactions