增加规则编写教程

2022-09-05 16:46:47 +08:00
parent fe69282d89
commit d503827ad0
9 changed files with 117 additions and 1 deletions
--- a/Server/rules/py/action.py
+++ b/Server/rules/py/action.py
@@ -161,5 +161,12 @@ rule = [
        ],
        'score': 50,
        'name': '创建可疑文件'
+    },
+    {
+        'rules': [
+            'action == "imageload" and imageloaded == "c:\\windows\\system32\\samlib.dll"',
+        ],
+        'score': 10,
+        'name': 'samlib的dll被加载'
    }
 ]
--- a/Server/webserver.py
+++ b/Server/webserver.py
@@ -219,4 +219,6 @@ if __name__ == "__main__":
    # 如果你觉得日志太多了,去掉这个注释...
    flask_log = logging.getLogger("werkzeug")
    flask_log.setLevel(logging.ERROR)
+    print("注意,你正在使用测试版,请随时关注github以获取最新版本:")
+    print("https://github.com/RoomaSec/RmEye")
    app.run(debug=True, host="0.0.0.0")