I add this to props.conf to detect shellscripts, but interesting enough this not only matches shell-scripts but also a lot of other files as well, not matching the regex.
What am I missing ?
[rule::find_shellscript]
MORE_THAN_0 = ^#!\/bin\/(bash|sh)
LEARN_MODEL=false
LEARN_SOURCETYPE=false
sourcetype=shellscript
