| @@ -102,7 +102,6 @@ def _list_rule(rule_id, level, field, lookup, list_name, description, techniques | ||
| mitre = _mitre_block(techniques, " ") | ||
| return ( | ||
| f' <rule id="{rule_id}" level="{level}">\n' | ||
| - | f' <field name="{field}" type="pcre2">\\S+</field>\n' | |
| f' <list field="{field}" lookup="{lookup}">etc/lists/{list_name}</list>\n' | ||
| f' <description>{escape(description)}: $({field})</description>\n' | ||
| f'{mitre}' | ||
| @@ -114,7 +113,6 @@ def _url_rule(rule_id, level, list_name, techniques): | ||
| mitre = _mitre_block(techniques, " ") | ||
| return ( | ||
| f' <rule id="{rule_id}" level="{level}">\n' | ||
| - | f' <field name="url" type="pcre2">\\S+</field>\n' | |
| f' <list field="url" lookup="match_key">etc/lists/{list_name}</list>\n' | ||
| f' <description>Request to CTI-flagged URL: $(url)</description>\n' | ||
| f'{mitre}' |