|
|
@ -59,6 +59,16 @@ def process_rules(data):
|
|
|
|
value = [value]
|
|
|
|
value = [value]
|
|
|
|
if field == "src":
|
|
|
|
if field == "src":
|
|
|
|
continue
|
|
|
|
continue
|
|
|
|
|
|
|
|
if field == "tokens":
|
|
|
|
|
|
|
|
for token in value:
|
|
|
|
|
|
|
|
if "tokens" in message:
|
|
|
|
|
|
|
|
if token in message["tokens"]:
|
|
|
|
|
|
|
|
matched_field_number += 1
|
|
|
|
|
|
|
|
matched_fields.append(field)
|
|
|
|
|
|
|
|
# Break out of the token matching loop
|
|
|
|
|
|
|
|
break
|
|
|
|
|
|
|
|
# Continue to next field
|
|
|
|
|
|
|
|
continue
|
|
|
|
if field in message and message[field] in value:
|
|
|
|
if field in message and message[field] in value:
|
|
|
|
matched_field_number += 1
|
|
|
|
matched_field_number += 1
|
|
|
|
matched_fields.append(field)
|
|
|
|
matched_fields.append(field)
|
|
|
|
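Review bot: `token in message["tokens"]` in the new tokens branch is an exact-token test only if `message["tokens"]` is a list or set; if it can arrive as a plain string, the same expression becomes a substring match and a rule token also fires on any longer token that contains it, while a `None` value raises TypeError. The hunk does not show how the message is built, so confirm the type, or guard it before the loop with `msg_tokens = message.get("tokens") or []` and an `isinstance(msg_tokens, (list, set, tuple))` check, which also lifts the loop-invariant `"tokens" in message` test out of `for token in value:`. The branch counts the field as matched as soon as one rule token is present, so a short comment such as `# tokens: field matches if ANY listed token is present in the message` would help rule authors who might expect all-of semantics. Indentation is lost in this rendering and process_rules starts and ends outside the hunk, so the nesting of the `break` and `continue` lines is inferred from their comments.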