I would like to get a clarification on How to iterate through all the values if a field consist multiple values in comma separated array format. For example if I use this line the $mesgid = re.capture($e2.network.email.mail_id, "[^,]+")- re.capture will assign only first entry of the array to $mesgid. If I want to assign each values of the array to $mesgid and match it with another variable. What could be the ideal solution? I would be grateful if anyone could help me here
Yara 2.0 String iteration
+1
+5@VivekPuthan , did you try to use any as mentioned in the repeated fields here this https://cloud.google.com/chronicle/docs/detection/yara-l-2-0-syntax#repeated_fields
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.