Mirrors/SocFortress-Wazuh-Rules
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-12-22 10:57:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create 200100-yara_rules.xml

Browse Source
This commit is contained in:
SOCFortress
2022-08-08 22:34:17 -05:00
committed by GitHub
parent 446ec35e07
commit 4f45e03058
1 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
Yara/200100-yara_rules.xml Normal file
View File

@@ -0,0 +1,34 @@
<!--
- YARA rules
- Created by SOCFortress.
- https://www.socfortress.co
- info@socfortress.co.
-->
<group name="yara,">
<rule id="200100" level="1">
<decoded_as>yara</decoded_as>
<description>YARA rules grouped.</description>
</rule>
<rule id="200101" level="5">
<if_sid>200100</if_sid>
<field name="error_message">\.+</field>
<description>YARA error detected.</description>
</rule>
<rule id="200102" level="7">
<if_sid>200100</if_sid>
<field name="warning_message">\.+</field>
<description>YARA limit reached.</description>
</rule>
<rule id="200103" level="12">
<if_sid>200100</if_sid>
<field name="yara_info">\.+</field>
<mitre>
<id>T1204</id>
</mitre>
<description>YARA $(yara_rule) detected.</description>
</rule>
</group>