Tweaked the Link regex to allow anchor tags and the handle regex to permit blank entries.

2024-12-28 15:58:24 +01:00 · 2022-09-13 23:37:10 -04:00 · 2022-09-13 23:37:10 -04:00 · dfb30f194f
commit dfb30f194f
parent ee68df7f26
4 changed files with 10 additions and 10 deletions
--- a/YML-Schema.yml
+++ b/YML-Schema.yml
@ -74,19 +74,19 @@ mapping:
            type: str
          "Sigma":
            type: str
-            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
+            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
          "Analysis":
            type: str
-            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
+            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
          "Elastic":
            type: str
-            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
+            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
          "Splunk":
            type: str
-            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
+            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
          "BlockRule":
            type: str
-            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
+            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
  "Resources":
    type: seq
    required: false
@ -95,7 +95,7 @@ mapping:
        mapping:
          "Link":
            type: str
-            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
+            pattern: '^http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+$'
  "Acknowledgement":
    type: seq
    required: false
@ -106,4 +106,4 @@ mapping:
            type: str
          "Handle":
            type: str
-            pattern: '^@(\w){1,15}$'
+            pattern: '^(@(\w){1,15})?$'
--- a/yml/OSBinaries/Bitsadmin.yml
+++ b/yml/OSBinaries/Bitsadmin.yml
@ -46,7 +46,7 @@ Detection:
  - IOC: bitsadmin creates new files
  - IOC: bitsadmin adds data to alternate data stream
 Resources:
-  - Link: https://www.slideshare.net/chrisgates/windows-attacks-at-is-the-new-black-26672679 - slide 53
+  - Link: https://www.slideshare.net/chrisgates/windows-attacks-at-is-the-new-black-26672679
  - Link: https://www.youtube.com/watch?v=_8xJaaQlpBo
  - Link: https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f
 Acknowledgement:
--- a/yml/OSBinaries/Esentutl.yml
+++ b/yml/OSBinaries/Esentutl.yml
@ -66,4 +66,4 @@ Acknowledgement:
  - Person: egre55
    Handle: '@egre55'
  - Person: Mike Cary
-    Handle: 'grayfold3d'
+    Handle: '@grayfold3d'