Solved: Yara L function which converts string to integer

Mufa_shah · 07-22-2024 11:04 PM

Hi All,

Any YARA-L functions, which converts the UDM field -> "0" ( string value ) to Integer one or can be fixed through parsers only.

Below is the sceneraio

jstoner

If you need this today, the parser extension is the place to do this. There are additional options coming shortly to do this with rules and search, but if you need it today, the parser is your best option.

View solution in original post

jstoner

If you need this today, the parser extension is the place to do this. There are additional options coming shortly to do this with rules and search, but if you need it today, the parser is your best option.

JeremyLand

@Mufa_shah Update: The 'additional options' mentioned by jstoner are in preview now and should be available on all tenants.
cast.as_float() works in both detection rules & udm search.
https://cloud.google.com/chronicle/docs/detection/yara-l-2-0-functions/cast-as_float#castas_float (link updated 4/14/25)

hzmndt

cast.as_float it's not listed in the link above, but it's showing in

https://cloud.google.com/chronicle/docs/detection/yara-l-2-0-functions/cast-as_float#castas_float

Webinar May 14th: Gemini's generative AI within Google SecOpsWebinar May 29th: Log Ingestion: Bindplane + Google SecOps

Yara L function which converts string to integer

Webinar May 14th: Gemini's generative AI within Google SecOps
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps