Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Additional Syntax Opportunities #50

Open
infosec-intern opened this issue Jul 20, 2021 · 0 comments
Open

Additional Syntax Opportunities #50

infosec-intern opened this issue Jul 20, 2021 · 0 comments
Labels
enhancement

Comments

@infosec-intern
Copy link
Owner

infosec-intern commented Jul 20, 2021
edited
Loading

Modules

Probably something along the lines of support.class or support.function according to this textmate documentation

Off the top of my head, there are a few parts that need matching:

  • Module name (pe, elf, cuckoo, etc.)
  • Constants (pe.DLL)
  • Functions (pe.imports(''))
  • Arrays/Dictionaries (pe.version_info[''])

And any of the entries that need strings (e.g. dictionaries) should mark those as string.quoted.double just like regular strings

Rule Tags

Should be pretty straightforward - any words after a colon (:) on the same line as a rule

rule Test : Foo Bar Baz
@infosec-intern infosec-intern changed the title Look into syntaxes for modules Additional Syntax Opportunities Jul 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@infosec-intern