Support neq and fieldref|neq modifiers #1684
Description
In the new 2.1 specification https://github.com/SigmaHQ/sigma-specification/blob/main/specification/sigma-appendix-modifiers.md , the neq modifier has been added.
neq: The field is different from the specified values.
It can also be used with fieldref (|fieldref|neq:) to see if two field values are different.
fieldref: Modifies a plain string into a field reference. A field reference can be used to compare fields of matched events directly at query/matching time. Can be conbine with the neq modifier.
Since we already use this logic in our rules, I would like to support this so we can update our rules to the official format.
@fukusuket Could you take a look at this when you get a chance?