Open YamatoSecurity opened 2 weeks ago
It seems like a lot of work to implement, but if it makes it easier to understand the cause of the detection, I think it is a good idea. I don't understand the structure of YML, so I would like to know what to color and how to color it 🙏
I like this way. Any field name with `field:` format is blue. Field values are the regular color (black or white), or could do orange like in the example.
Comments (`# this is a comment`) should be green.
Optionally we could make numerals (`1232`, etc.) and `true`/`false` values a different color but I don't think this is necessary.
@YamatoSecurity Is it like this?
@nishikawaakira That looks great. The example doesn't have a comment in there but if the `# This is a comment` lines are green (like the `description` in the example), then that is ok.
@YamatoSecurity I've been trying various things, but when fields in the rule file are added or changed, it causes a mismatch with the structure definition, and Nim's YAML library throws an exception and crashes. Is this an issue? I'd like to consider whether it's better to leave it as it is or proceed with this approach.
Depending on the browser, some browsers will only let you download the YML file when clicking the link, which is not convenient for looking up rules. @nishikawaakira What about creating colored syntax highlighted HTML pages based on the YML files when running the `html-report` command and then opening up that HTML when someone clicks on a rule link?
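An added example, not part of the thread and not the project's own code: a line-based highlighter in Python (the project itself is written in Nim) that applies the colors agreed above without loading the rule into a fixed structure, so added or renamed fields cannot cause a mismatch. It HTML-escapes all rule text before it reaches the report; the function names, inline styles and sample rule are assumptions made for illustration.

```python
import html
import re

# Colors from the thread: field names blue, comments green, values orange.
STYLE = {"key": "color:blue", "comment": "color:green", "value": "color:orange"}
# indent (+ optional "- "), key, ":" and the rest of the line (empty or starting with space)
KEY_LINE = re.compile(r"^(\s*(?:-\s+)?)([^\s#:'\"][^:#]*?)(:)(\s.*|)$")

def span(kind, text):
    # Escape everything taken from the rule file so it cannot inject markup.
    return f'<span style="{STYLE[kind]}">{html.escape(text)}</span>' if text else ""

def split_comment(rest):
    """Split off a trailing '# comment' unless the '#' sits inside quotes."""
    quote = None
    for i, ch in enumerate(rest):
        if quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch == "#" and (i == 0 or rest[i - 1].isspace()):
            return rest[:i], rest[i:]
    return rest, ""

def highlight_line(line):
    stripped = line.lstrip()
    if stripped.startswith("#"):  # whole-line comment
        return line[: len(line) - len(stripped)] + span("comment", stripped)
    m = KEY_LINE.match(line)
    if m:  # "field: value" with an optional trailing comment
        lead, key, colon, rest = m.groups()
        value, comment = split_comment(rest)
        return (html.escape(lead) + span("key", key + colon)
                + span("value", value) + span("comment", comment))
    value, comment = split_comment(line)  # list item or continuation line
    return span("value", value) + span("comment", comment)

def highlight_rule(text):
    return "<pre>" + "\n".join(highlight_line(l) for l in text.splitlines()) + "</pre>"

# Constructed sample rule (not a real detection rule).
SAMPLE = """\
# This is a comment
title: Test <b>rule</b>
detection:
    EventID: 4688 # process creation
    CommandLine|contains: 'a #b'
    new_field_not_in_any_schema: true
"""
```

`highlight_rule(SAMPLE)` returns a `<pre>` block that can be written to a per-rule HTML page.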