Releases: CybercentreCanada/CCCS-Yara
v2.6
v2.5
v2.4
v2.3
v2.2
v2.1
CCCS-Yara is now pip-installable and available on PyPI
Merge pull request #53 from CybercentreCanada/package pip-installable Package
Version 1.6.2
NEW FEATURES
- Added the -st flag to yara_validator_cli.py. This causes the CLI to return exit code 49 for warnings.
- Added a validity check with the yara-python library
- Added the -m flag to yara_validator_cli.py. This flag overrides the check for modules that have not been imported.
CHANGES
- Updated the MITRE ATT&CK submodule to version 8.2
- Added yara-python>=4.0.2 to the requirements.txt file
BUG FIXES
- Fixed a couple of bugs related to the new yara-python validity check that caused rules that should be valid to be marked invalid.
- Fixed a bug that caused yara_file_processor.py to exit with an error if a string was passed instead of a Path object.
- Fixed a bug that would cause lines with only space or tab characters to double on each pass with the -i flag.
Auto generation of MITRE ATT&CK software ids
NEW FEATURES
- Automatic generation of mitre_att software ids for malware or tool names found in the MITRE ATT&CK database
CHANGES
- Updating the MITRE ATT&CK submodule to the latest released version
BUG FIXES
- None
Change default behaviour of the cli
NEW FEATURES
- None
CHANGES
- Changed the error message for missing metadata that could have been generated
  - "⚙️ Missing metadata that could have been generated with the -i or -c flag for the cli"
- Changed the default behaviour of the CLI
  - A rule now returns invalid if it is missing the 'id', 'fingerprint', 'version', 'first_imported' or 'last_modified' metadata
  - See PR #34 for details on the reason behind this
BUG FIXES
- None