This repository has been archived by the owner on Apr 28, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
/
config.toml
77 lines (70 loc) · 2.11 KB
/
config.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# This is the yaramanager configuration file.
[yaramanager]
## Editor
# editor contains the command used to start the editor. Note that this must be a list of the command and the needed
# parameters, e.g. `editor = ["codium", "-w"]`.
editor = [ "codium", "-w" ]
## Debug
# Enables or disables debug output.
debug = false
## Ruleset Meta Key
# ruleset_meta_key contains the key which should be used for ruleset detection.
ruleset_meta_key = "ruleset"
## Template
# Template used for creating new rules.
template = """
rule apt_ZZ_RuleTemplate : apt zz {
meta:
author = "My Name"
description = "This is a rule template that will be used for creating new rules."
tlp = "white"
ruleset = "Template 1"
strings:
$x1 = "Must1" ascii
$x2 = "Must2" ascii
$x3 = "Must3" wide
$s1 = "Should1" ascii
$s2 = "Should2" ascii
$s3 = "Should3" ascii
$s4 = "Should4" ascii
$s5 = "Should5" ascii
condition:
uint16(0) == 0x5a4d and (
all of ($x*) and 2 of ($s*) or
all of ($s*)
)
}
"""
## DB
# The DB section contains the database configuration.
[yaramanager.db]
# Selected
# The currently selected db from the list of databases below
selected = 0
# Databases
# A list of databases. Every database needs to define a driver and a path, such as
#
# [[yaramanager.db.databases]]
# driver = "sqlite"
# path = "/home/user/.config/yaramanager/data.db"
# [[yaramanager.db.databases]]
# driver = "mysql+pymysql"
# path = "user:[email protected]/database"
# [[yaramanager.db.databases]]
# driver = "postgresql+psycopg2"
# path = "user:[email protected]/database"
# {init_database}
## Meta
# This section contains all meta keys that should be printed in table views. The format is:
# Heading = "meta key"
[yaramanager.meta]
Author = "author"
TLP = "tlp"
Created = "created"
Modified = "modified"
## Ensure
# Rule attributes to ensure (ym list --ensure, -e). ensure_meta contains a list of meta attributes, ensure_tag just
# requires tags set.
[yaramanager.ensure]
ensure_meta = [ "author", "tlp", "description" ]
ensure_tag = true