VirusTotal / yara-x

A rewrite of YARA in Rust.
https://virustotal.github.io/yara-x/
BSD 3-Clause "New" or "Revised" License

Rule's meta field #118

Closed codedninja closed 4 months ago

codedninja commented 4 months ago

The parser parses the meta fields but the compiler doesn't do anything with those fields. I was curious if there are any plans to add that functionality anytime soon.

I utilize meta fields for additional information when processing a match in my code.

Fryyyyy commented 4 months ago

+1 to outputting this when there's a match, please!

jpds commented 4 months ago

Added in https://github.com/VirusTotal/yara-x/commit/1e816a70471a32313d7194ebc199aff3abab87c6

plusvic commented 4 months ago

I've exposed the metadata both in the Rust and Python APIs, but I would like to hear more about your use cases. This is something that you want to use also from the CLI?

yara has a --print-meta option that prints the metadata information for every matching rule. But I don't think that option is really useful if you want to use that information in some script or automation. Instead of replicating the --print-meta option in yara-x, my idea is adding an option to the CLI that dumps the information about matches in JSON or YAML (or both). This way, the matching information can be easily parsed by other tools, and it can include not only the rule name for each match, but also the rule's metadata.

Would you find it helpful?

codedninja commented 4 months ago

I am totally fine with it being in the APIs. I mainly use meta tags for giving the rule a score or sending alerts to email/webhooks/etc inside of the meta tags.

Thanks for adding the meta tag support so quickly! In a few I will create a PR for adding support for it to the Go package.

plusvic commented 4 months ago

Then I'm closing this issue.
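As an added example (not code from the yara-x project or from anyone in this thread), this is how the "score / alert in meta" use case above can be driven from the metadata the Python API now exposes. It assumes `yara_x.compile()`, `Rules.scan()`, `ScanResults.matching_rules`, `Rule.identifier` and `Rule.metadata` (name/value pairs) exist as added by the linked commit; the sample matches are constructed, and the scoring helpers run on plain pairs so they do not need the scanner installed.

```python
from typing import Any, Iterable

Meta = Iterable[tuple[str, Any]]

# Constructed sample: (rule identifier, metadata pairs) shaped like what the
# Python API is assumed to return via Rule.identifier / Rule.metadata.
SAMPLE_MATCHES = [
    ("ransom_note",   (("score", 80), ("alert", True), ("channel", "email"))),
    ("suspicious_pe", (("score", 30), ("alert", False))),
    ("legacy_sig",    (("score", "15"),)),                                  # score as a string
    ("dropper",       (("score", 50), ("alert", False), ("alert", True))),  # repeated meta key
]

def meta_to_dict(pairs: Meta) -> dict[str, list[Any]]:
    """YARA lets a meta key repeat, so keep every value in source order."""
    out: dict[str, list[Any]] = {}
    for name, value in pairs:
        out.setdefault(name, []).append(value)
    return out

def rule_score(meta: dict[str, list[Any]]) -> int:
    """First usable 'score' entry: int or digit string; anything else counts 0."""
    for value in meta.get("score", []):
        if isinstance(value, bool):
            continue  # bool is an int subclass in Python; ignore `score = true`
        if isinstance(value, int):
            return value
        if isinstance(value, str) and value.strip().lstrip("-").isdigit():
            return int(value)
    return 0

def score_matches(matches: Iterable[tuple[str, Meta]]) -> dict[str, Any]:
    """Sum per-rule scores and collect (rule, channel) alerts to dispatch."""
    total = 0
    alerts: list[tuple[str, str]] = []
    for identifier, pairs in matches:
        meta = meta_to_dict(pairs)
        total += rule_score(meta)
        # Last 'alert' value wins (this example's policy for repeated keys);
        # channel defaults to "webhook" when the rule does not name one.
        if meta.get("alert", [False])[-1] is True:
            alerts.append((identifier, meta.get("channel", ["webhook"])[-1]))
    return {"score": total, "alerts": alerts}

def scan_with_meta(rule_source: str, data: bytes) -> list[tuple[str, tuple]]:
    """Run YARA-X and return (identifier, metadata pairs) per matching rule.
    Assumes yara_x.compile(), Rules.scan(), .matching_rules, Rule.metadata."""
    import yara_x  # imported here so the scoring helpers work without it
    results = yara_x.compile(rule_source).scan(data)
    return [(r.identifier, tuple(r.metadata)) for r in results.matching_rules]
```

Feeding `scan_with_meta(...)` into `score_matches(...)` gives the score and alert list for a real scan; the metadata values are read at match time, so the rules themselves carry the routing policy.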