This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
The Google Cloud Security Community is upgrading platforms!

Read more and check out our FAQ
Log in to ask a question

Yara 2.0 String iteration

Posted on 10-18-2024 01:28 AM
VivekPuthan
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I would like to get a clarification on How to iterate through all the values if a field consist multiple values in comma separated array format. For example if I use this line the $mesgid = re.capture($e2.network.email.mail_id, "[^,]+")- re.capture will assign only first entry of the array to $mesgid. If I want to assign each values of the array to $mesgid and match it with another variable. What could be the ideal solution? I would be grateful if  anyone could help me here 

0 1 282
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
tameri
Staff
Reply posted on --/--/---- --:-- AM

@VivekPuthan , did you try to use any as mentioned in the repeated fields here this https://cloud.google.com/chronicle/docs/detection/yara-l-2-0-syntax#repeated_fields

 

 

0 Likes
Top Solution Authors
View all