vscode-yara

Additional Syntax Opportunities

Open infosec-intern opened this issue 3 years ago • 0 comments

Modules

Probably something along the lines of support.class or support.function according to this TextMate documentation.

Off the top of my head, there are a few parts that need matching:

  • Module name (pe, elf, cuckoo, etc.)
  • Constants (pe.DLL)
  • Functions (pe.imports(''))
  • Arrays/Dictionaries (pe.version_info[''])

And any of the entries that need strings (e.g. dictionaries) should mark those as string.quoted.double, just like regular strings.

Rule Tags

Should be pretty straightforward - any words after a colon (:) on the same line as a rule

rule Test : Foo Bar Baz

infosec-intern, Jul 20 '21 04:07
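
The matching rules requested in the issue above, sketched as a small JavaScript tokenizer; this is an added example, not part of the issue and not the vscode-yara grammar. The function names `scopeModuleRefs` and `scopeRuleTags` and the scopes `support.constant`, `support.variable` and `entity.name.tag` are assumptions; the sample lines are constructed and use double-quoted YARA strings.

```javascript
// Added illustration, not code from vscode-yara. Only support.class,
// support.function and string.quoted.double come from the issue; the other
// scope names and both function names are assumptions.

// Strings are matched first, so module-like text inside a quoted string
// (e.g. "pe.DLL") is scoped as a string, not as a module reference.
// Modules are limited to the three the issue names.
const TOKEN =
  /"(?:[^"\\\n]|\\.)*"|\b(pe|elf|cuckoo)((?:\.[A-Za-z_]\w*)+)(?=\s*([(\[])?)/g;

function scopeModuleRefs(line) {
  const out = [];
  for (const m of line.matchAll(TOKEN)) {
    if (m[1] === undefined) { // first alternative: a quoted string
      out.push({ text: m[0], scope: 'string.quoted.double.yara' });
      continue;
    }
    const members = m[2].slice(1).split('.');
    const last = members.pop();
    out.push({ text: m[1], scope: 'support.class.yara' });
    for (const text of members) out.push({ text, scope: 'support.variable.yara' });
    // The character after the last member decides its kind.
    const scope = m[3] === '(' ? 'support.function.yara'
      : m[3] === '[' ? 'support.variable.yara'          // array/dictionary
      : /^[A-Z][A-Z0-9_]*$/.test(last) ? 'support.constant.yara'
      : 'support.variable.yara';                         // plain field
    out.push({ text: last, scope });
  }
  return out;
}

// Tags: identifiers after ':' on the rule line, up to '{' or a comment.
function scopeRuleTags(line) {
  const m = /^\s*(?:(?:private|global)\s+)*rule\s+[A-Za-z_]\w*\s*:([^{\/]*)/.exec(line);
  if (!m) return [];
  return m[1].split(/\s+/).filter((t) => /^[A-Za-z_]\w*$/.test(t))
    .map((text) => ({ text, scope: 'entity.name.tag.yara' }));
}

// Constructed sample input.
console.log(scopeRuleTags('rule Test : Foo Bar Baz'));
console.log(scopeModuleRefs('pe.imports("kernel32.dll") and pe.version_info["CompanyName"] == "pe.DLL"'));
```

In a TextMate grammar the same ordering matters: the string pattern has to win before the module pattern, or a quoted `"pe.DLL"` ends up highlighted as a module constant.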