maestro-add-pattern
Adds a pattern expression to a Maestro pattern group. Use this command to register a new pattern in a pattern group used by detection rules.
Command properties
| Item | Description |
|---|---|
| Command type | Driver query |
| Required permission | User |
| License usage | Non-licensed command |
| Parallel execution | Not supported |
| Distributed execution | Not supported |
Syntax
maestro-add-pattern group=GUID expr=expression [rule=rule_name]
Options
group=GUID: GUID of the pattern group to add the pattern to. Required option.
expr=expression: Pattern expression to add. Required option.
rule=rule_name: Rule name associated with the pattern.
Description
Adds a pattern expression to the specified pattern group. The pattern is added once for each input record passed through the pipeline, and each record is output unchanged.
Examples
Add a pattern to a pattern group
| makeresults | maestro-add-pattern group="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" expr="malware-*.exe" rule="Malware filename detection"
Adds a malware filename pattern to the pattern group.