Open YamatoSecurity opened 2 weeks ago
nishikawaakira
commented
1 week ago It seems like a lot of work to implement, but if it makes it easier to understand the cause of the detection, I think it is a good idea. I don't understand the structure of YML, so I would like to know what to color and how to color it 🙏
YamatoSecurity
commented
1 week ago I like this way. Any field name with field: format is blue. Field values are the regular color (black or white), or could do orange like in the example.
Comments (# this is a comment) should be green.
Optionally we could make numerals (1232, etc.. ) and true/false values a different color but I don't think this is necessary.
nishikawaakira
commented
6 days ago @YamatoSecurity
Is it like this?
YamatoSecurity
commented
6 days ago @nishikawaakira That looks great. The example doesn't have a comment in there but if the # This is a comment lines are green (like the description in the example), then that is ok.
nishikawaakira
commented
10 hours ago @YamatoSecurity I've been trying various things, but when fields in the rule file are added or changed, it causes a mismatch with the structure definition, and Nim's YAML library throws an exception and crashes. Is this an issue? I'd like to consider whether it's better to leave it as it is or proceed with this approach.
Depending on the browser, some browsers will only let you download the YML file when clicking the link which is not convenient for looking up rules. @nishikawaakira What about creating colored syntax highlighted HTML pages based on the YML files when running the
html-reportcommand and then open up that HTML when someone clicks on a rule link?