增加规则编写教程
This commit is contained in:
huoji
@@ -25,6 +25,9 @@ https://key08.com/index.php/2022/08/09/1505.html
|
||||
请牢记,RmEye自身定位是轻量级威胁检出工具
|
||||
|
||||
### 最新新闻
|
||||
2022/9/5:
|
||||
增加规则编写教程:
|
||||
https://github.com/RoomaSec/RmEye/doc_rule.md
|
||||
|
||||
2022/8/31:
|
||||
增加进程白名单系统,现在能给进程加白名单了.在打开进程链后,点击某个进程加入白名单即可
|
||||
@@ -137,7 +140,9 @@ rule_engine:
|
||||
```
|
||||
分数代表的是本次规则给进程链所增加的分数,报警是根据前面的MAX_THREAT_SCORE设置的
|
||||
|
||||
具体编写方法请移步:
|
||||
规则编写教程请移步:
|
||||
https://github.com/RoomaSec/RmEye/doc_rule.md
|
||||
规则引擎的语法请移步:
|
||||
https://github.com/zeroSteiner/rule-engine
|
||||
|
||||
yara,需要安装插件,具体请看交流部分
|
||||
|
||||
Reference in New Issue
Block a user