Closed Lichtsinnig closed 5 years ago
Hi,
Sorry for the delay between your issue and my reply, but I am quite busy these days.
Question 1:
Changing the criticality: you can do it by editing the rules.
Question 2: No, it is not yet implemented but it is a nice feature request though. Likely I will implement something of this sort in the next version.
Question 3: The only descriptions of the rule syntax are on this GitHub README or there: https://rawsec.lu/blog/posts/2018/Feb/04/go-evtx-signature-engine/
Hi, thanks for the great utility. Question 1: Tell me how to use "traces" and how to change the "criticality".
Question 2: Is it possible to create conditions corresponding to these YARA constructions?
Condition: `all of them`, `1 of them`, `(all of ($s)) and !(all of ($x))`, `$s>10`
Question 3: Is there a description of the operators, as there is for YARA? https://yara.readthedocs.io/en/v3.4.0/writingrules.html