Hi All,
Any YARA-L functions, which converts the UDM field -> "0" ( string value ) to Integer one or can be fixed through parsers only.
Below is the sceneraio
Solved
Yara L function which converts string to integer
+4- Bronze 2
Best answer by jstoner
If you need this today, the parser extension is the place to do this. There are additional options coming shortly to do this with rules and search, but if you need it today, the parser is your best option.
+22If you need this today, the parser extension is the place to do this. There are additional options coming shortly to do this with rules and search, but if you need it today, the parser is your best option.
+7@Mufa_shah Update: The 'additional options' mentioned by jstoner are in preview now and should be available on all tenants.
cast.as_float() works in both detection rules & udm search.
https://cloud.google.com/chronicle/docs/detection/yara-l-2-0-functions/cast-as_float#castas_float (link updated 4/14/25)
+9cast.as_float it's not listed in the link above, but it's showing in
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.