Additionally, the rule content 1330 may be input by one of two YARA editors: a basic YARA editor or an advanced YARA editor. The basic editor works with the string editor to create YARA-compliant strings and set one or more YARA conditions to create a YARA rule. Strings may be associated with a variable name, as well as flag information. The flag may be used to indicate additional information about the strings. Such information includes, but is not limited to, whether the string is an ASCII string, whether the string is a full word, whether the string can be any case (i.e., lower case or upper case), and whether each character in the string is represented by two bytes. The basic YARA editor also allows the user to test the YARA rule against a report. If the rule is created from a cluster, the test will also show all of the reports in the cluster which match the rule. The advanced YARA editor allows a user to directly write YARA strings and conditions, as well as paste them from other sources, to create YARA rules.
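The following sketch, added here as an example and not part of the original text, shows how a basic editor of this kind could assemble YARA rule text from named strings, flags and a condition. The function names, flag keys and sample strings are assumptions; `ascii`, `fullword`, `nocase` and `wide` are the standard YARA string modifiers corresponding to the four flags described above.

```python
import re

# The four flags named in the text, mapped to YARA string modifiers.
FLAG_TO_MODIFIER = {
    "ascii": "ascii",         # string is an ASCII string
    "full_word": "fullword",  # string must match as a full word
    "any_case": "nocase",     # lower or upper case both match
    "two_byte": "wide",       # each character is represented by two bytes
}
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
SIMPLE_ESCAPES = {"\\": "\\\\", '"': '\\"', "\n": "\\n", "\t": "\\t"}


def escape_text(value):
    """Escape a literal so it can sit between quotes in a YARA text string."""
    out = []
    for ch in value:
        if ch in SIMPLE_ESCAPES:
            out.append(SIMPLE_ESCAPES[ch])
        elif 0x20 <= ord(ch) < 0x7F:
            out.append(ch)
        elif ord(ch) < 0x100:
            out.append("\\x%02x" % ord(ch))  # any other byte value as \xNN
        else:
            raise ValueError("character outside byte range: %r" % ch)
    return "".join(out)


def build_rule(name, strings, condition="any of them"):
    """Build rule text from (variable_name, text, flags) entries (hypothetical API)."""
    if not IDENT.match(name) or not strings:
        raise ValueError("rule needs a valid name and at least one string")
    lines = ["rule %s" % name, "{", "    strings:"]
    seen = set()
    for var, text, flags in strings:
        if not IDENT.match(var) or var in seen or not text:
            raise ValueError("bad, duplicate or empty string entry: %r" % var)
        seen.add(var)
        if set(flags) - set(FLAG_TO_MODIFIER):
            raise ValueError("unknown flag on %r" % var)
        mods = [m for f, m in FLAG_TO_MODIFIER.items() if f in flags]
        lines.append(" ".join(['        $%s = "%s"' % (var, escape_text(text))] + mods))
    return "\n".join(lines + ["    condition:", "        " + condition, "}"])

if __name__ == "__main__":
    # Constructed sample strings, not taken from any real report.
    sample = [("s1", 'cmd.exe /c "del"', {"ascii", "any_case"}),
              ("s2", "update", {"full_word", "two_byte"})]
    print(build_rule("sample_cluster_rule", sample, "$s1 and $s2"))
```

Escaping and identifier checks matter here because the editor's output must compile as a rule even when the source string contains quotes, backslashes or non-printable bytes.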