MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-modules/doc/expansion/yara_query.json

10 lines
924 B
JSON
Raw Blame History

{
"description": "An expansion & hover module to translate any hash attribute into a yara rule.",
"logo": "logos/yara.png",
"requirements": ["yara-python python library"],
"features": "The module takes a hash attribute (md5, sha1, sha256, imphash) as input, and is returning a YARA rule from it. This YARA rule is also validated using the same method as in 'yara_syntax_validator' module.\nBoth hover and expansion functionalities are supported with this module, where the hover part is displaying the resulting YARA rule and the expansion part allows you to add the rule as a new attribute, as usual with expansion modules.",
"input": "MISP Hash attribute (md5, sha1, sha256, imphash, or any of the composite attribute with filename and one of the previous hash type).",
"output": "YARA rule.",
"references": ["https://virustotal.github.io/yara/", "https://github.com/virustotal/yara-python"]
}
Reference in New Issue View Git Blame Copy Permalink