Louisiana Cyber Investigators Alliance (LCIA) - www.la-safe.org
Developed by: Darrell Miller
Simple script that creates simple YARA rules for Volcano to identify IoCs listed in a CSV file.
usage: yara-gen.py [-h] -i INPUT -o OUTPUT [-rn RULENAME]

  -h, --help            show this help message and exit
  -i INPUT, --input INPUT
                        input csv file, format: type,indicator
  -o OUTPUT, --output OUTPUT
                        output file name for yara rule
  -rn RULENAME, --rulename RULENAME
                        custom rule name, default is filename of input file
-- no rule name, rule name defaults to input name without .csv
%> python yara-gen.py --input LCIA-Case2309321.csv --output LCIA-Case2309321.yara
-- custom rule name added
%> python yara-gen.py --input output.csv --output LCIA-Case2309321.yara --rulename LCIA-Case2309321
output of both:
Purpose: simple script to turn a csv in the format: <indicator type>, <indicator> into a yara rule.
example: 'ipv4,' , one type and indicator per line
LCIA-Case2309321 {
any of them
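
The CSV-to-rule conversion described above, written as an added example (this is not the yara-gen.py source). The function name `csv_to_yara`, the `$s<N>` string identifiers, the `ascii wide nocase` modifiers, the trailing type comment and the sample rows are assumptions; the sample indicators are constructed.

```python
import csv
import io
import re

# Constructed sample input in the page's "type,indicator" format.
SAMPLE_CSV = "\n".join([
    "ipv4,192.0.2.10", "domain,bad.example", "",
    r"filepath,C:\Users\Public\a.exe", "ipv4,192.0.2.10",
])


def csv_to_yara(csv_text, rule_name):
    """Build one YARA rule from 'type,indicator' rows (hypothetical helper)."""
    # YARA identifiers allow only letters, digits and underscore and must not
    # start with a digit, so a name such as "LCIA-Case2309321" is normalised.
    name = re.sub(r"\W", "_", rule_name, flags=re.ASCII)
    if not name or name[0].isdigit():
        name = "_" + name

    strings, seen = [], set()
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 2:
            continue  # blank or malformed line
        ioc_type, indicator = row[0].strip(), row[1].strip()
        if not indicator or indicator in seen:
            continue  # empty or duplicate indicator
        seen.add(indicator)
        # Escape backslash and double quote so file paths and registry keys
        # remain valid inside a YARA text string.
        escaped = indicator.replace("\\", "\\\\").replace('"', '\\"')
        kind = re.sub(r"[^\w.-]", "", ioc_type) or "unknown"
        strings.append(
            f'        $s{len(strings)} = "{escaped}" ascii wide nocase // {kind}'
        )

    if not strings:
        raise ValueError("no indicators found in input")
    return (
        f"rule {name} {{\n"
        "    strings:\n" + "\n".join(strings) + "\n"
        "    condition:\n"
        "        any of them\n"
        "}\n"
    )


if __name__ == "__main__":
    print(csv_to_yara(SAMPLE_CSV, "LCIA-Case2309321"))
```

Text strings built this way match anywhere in the scanned data, so short indicators can produce false positives; the type column is kept as a comment to help triage hits.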