|
|
@@ -1015,10 +1015,6 @@ expressions. Matching is case-sensitive.
|
|
|
*Example*
|
|
|
[source,eql]
|
|
|
----
|
|
|
-// The two following expressions are equivalent.
|
|
|
-process.name == "*regsvr32*" or process.name == "*explorer*"
|
|
|
-wildcard(process.name, "*regsvr32*", "*explorer*")
|
|
|
-
|
|
|
// process.name = "regsvr32.exe"
|
|
|
wildcard(process.name, "*regsvr32*") // returns true
|
|
|
wildcard(process.name, "*regsvr32*", "*explorer*") // returns true
|
James Rodewig