in geneve/kql/eql2kql.py [0:0]
def _walk_function_call(self, tree):  # type: (eql.ast.FunctionCall) -> KqlNode
    """Convert an EQL ``wildcard``/``cidrMatch`` call into a KQL field comparison.

    Only calls named ``wildcard`` or ``cidrMatch`` whose first argument is a
    ``Field`` are converted. The result is a ``FieldComparison`` of that field
    against an ``OrValues`` built from the remaining arguments:

    * ``wildcard``: an argument whose value contains ``*`` or ``?`` is wrapped
      in ``Wildcard``; any other argument is passed through as-is.
    * ``cidrMatch``: the remaining arguments are passed through unchanged.

    Raises:
        eql.errors.EqlCompileError: for any other function call, or when the
            first argument is not a ``Field``. The conversion stops with an
            error here; no partial comparison is returned.
    """
    # Guard clause: everything that is not a supported call on a field is
    # rejected up front, so the code below only handles the convertible case.
    supported = tree.name in ("wildcard", "cidrMatch") and isinstance(tree.arguments[0], Field)
    if not supported:
        raise eql.errors.EqlCompileError("Unable to convert `{}`".format(tree))

    field = tree.arguments[0]
    candidates = tree.arguments[1:]

    if tree.name != "wildcard":
        # cidrMatch: the values are forwarded without inspection.
        return FieldComparison(field, OrValues(candidates))

    # NOTE(review): assumes every remaining argument exposes a string `.value`;
    # confirm against the EQL parser's rules for `wildcard` arguments.
    values = [
        Wildcard(item.value) if ('*' in item.value or '?' in item.value) else item
        for item in candidates
    ]
    return FieldComparison(field, OrValues(values))