SigmaHQ/sigma-specification

Add modifier to check if two fields are equal or not

YamatoSecurity opened this issue · 2 comments

Although many backends might not be able to support it, there is a need to check if two fields are equal or not.
Ref: https://github.com/SigmaHQ/sigma/discussions/3902
What about adding a |equalsfield: modifier?

That is how we implemented it in hayabusa:
https://github.com/Yamato-Security/hayabusa-rules/blob/main/hayabusa/builtin/Security/LogonLogoff/Logon/Sec_4624_Med_Logon-Type9-NewInteractive_PossibleTokenImpersonation.yml

Should be a discussion, not an issue.

@nasbench I see, I will close this as an issue then.
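
The field-to-field comparison proposed in this issue, sketched as an added Python example; it is not code from hayabusa, pySigma or the Sigma specification. The matching semantics (case-insensitive comparison, a missing field never matches), the selection, and the sample events are assumptions constructed for illustration.

```python
def _norm(value):
    # Sigma string matching is case-insensitive by default; mirror that here.
    return str(value).casefold()

def match_selection(selection, event):
    """AND together every item of one Sigma-style selection map."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        actual = event.get(field)
        if modifier == "":
            # Plain item: the right-hand side is a literal value.
            other = expected
        elif modifier == "equalsfield":
            # Proposed modifier: the right-hand side names another field
            # of the same event, whose value is looked up at match time.
            other = event.get(expected)
        else:
            raise ValueError(f"unsupported modifier: {modifier}")
        # A field missing on either side never matches; without this check
        # two absent fields would compare equal (None == None).
        if actual is None or other is None or _norm(actual) != _norm(other):
            return False
    return True

# Hypothetical selection (assumed shape, not copied from any published rule).
SELECTION = {
    "EventID": 4624,
    "LogonType": 9,
    "SubjectUserSid|equalsfield": "TargetUserSid",
}

# Constructed sample events using Windows Security 4624 field names.
EVENTS = [
    {"EventID": 4624, "LogonType": 9,
     "SubjectUserSid": "S-1-5-21-1-2-3-1001", "TargetUserSid": "s-1-5-21-1-2-3-1001"},
    {"EventID": 4624, "LogonType": 9,
     "SubjectUserSid": "S-1-5-21-1-2-3-1001", "TargetUserSid": "S-1-5-21-1-2-3-500"},
    {"EventID": 4624, "LogonType": 9},  # both SID fields absent
]

def run():
    return [match_selection(SELECTION, event) for event in EVENTS]

if __name__ == "__main__":
    print(run())
```

Inequality can be expressed by negating a selection that holds only the `equalsfield` item in the rule's condition; under these assumptions an event missing either field then counts as not equal.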