Hi team,
I was checking out this repo on using a custom config for a webshell use case. I think it would be helpful to allow a custom configuration option to enter a string to match rule name - for example "webshell" would match on any rules with the name webshell or enable specifying a param to match string.
After cutting down targeted rules, you can then run qa/performance checks etc.
I couldn't see if there was an option to do this directly in yara-forge, so at the moment I think I'm better off using a simple plyara script with your output rules - but it would be a cool feature to include directly in yara-forge config options.