增加规则编写教程

2022-09-05 16:46:47 +08:00
parent fe69282d89
commit d503827ad0
9 changed files with 117 additions and 1 deletions
--- a/Server/rules/py/action.py
+++ b/Server/rules/py/action.py
@@ -161,5 +161,12 @@ rule = [
        ],
        'score': 50,
        'name': '创建可疑文件'
+    },
+    {
+        'rules': [
+            'action == "imageload" and imageloaded == "c:\\windows\\system32\\samlib.dll"',
+        ],
+        'score': 10,
+        'name': 'samlib的dll被加载'
    }
 ]