
Writing heuristic rules

iam-py-test edited this page Oct 10, 2021 · 1 revision

Format of a rule

rule_name: The name of the rule, used for record-keeping purposes
rule_desc: A short description of the rule's purpose, for record-keeping purposes
detection_name: The detection name shown to the user when the threat is detected (note: the Heuristics: prefix is added automatically)
detection_type: The type of threat this rule detects (e.g. PUP, Trojan, Hacktool). Some day this will be implemented, but for now it has no real purpose
simple_mode: No idea what this could be used for. Maybe some day I will add a simple mode which is designed to have fewer false positives and an easier-to-use interface.
rule: The rule contents
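A loader for this layout, as an added example that is not the project's own code: it assumes one `key: value` pair per line (the page describes only the field meanings, not the file syntax), rejects unknown, duplicate or missing fields, and applies the automatic Heuristics: prefix exactly once.

```python
from dataclasses import dataclass

# Assumed layout: one "key: value" per line; the page names only the fields.
REQUIRED_FIELDS = ("rule_name", "rule_desc", "detection_name", "detection_type", "rule")
OPTIONAL_FIELDS = ("simple_mode",)
DETECTION_PREFIX = "Heuristics:"


@dataclass(frozen=True)
class HeuristicRule:
    rule_name: str
    rule_desc: str
    detection_name: str  # always carries the "Heuristics:" prefix
    detection_type: str
    rule: str
    simple_mode: bool = False


def parse_rule(text: str) -> HeuristicRule:
    """Parse one rule from `key: value` lines, rejecting malformed input early."""
    fields = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumed: blank lines and # comments are skipped
            continue
        key, sep, value = line.partition(":")
        key = key.strip()
        if not sep or key not in REQUIRED_FIELDS + OPTIONAL_FIELDS:
            raise ValueError(f"line {lineno}: unknown or malformed field {key!r}")
        if key in fields:
            raise ValueError(f"line {lineno}: duplicate field {key!r}")
        fields[key] = value.strip()
    missing = [f for f in REQUIRED_FIELDS if f not in fields]
    if missing:
        raise ValueError("missing required field(s): " + ", ".join(missing))
    # Add the prefix exactly once, so an author who already typed it does not get it twice.
    if not fields["detection_name"].startswith(DETECTION_PREFIX):
        fields["detection_name"] = f"{DETECTION_PREFIX} {fields['detection_name']}"
    fields["simple_mode"] = fields.get("simple_mode", "false").lower() in ("true", "yes", "1")
    return HeuristicRule(**fields)


# Constructed sample rule, not one shipped by the project; the rule body is a placeholder.
SAMPLE_RULE = """\
rule_name: example_pup_installer
rule_desc: Flags installers that bundle an unwanted browser extension
detection_name: Bundled.Extension.Installer
detection_type: PUP
rule: RULE_CONTENTS_PLACEHOLDER
"""
```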
