Support for multiple rules per file, addition of minimum_yara metadata

@cccs-gm cccs-gm released this 25 May 20:31
· 132 commits to master since this release
46bbc06

NEW FEATURES

  • handling multi-rule YARA files via a new yara_file_processor.py library
  • string_encoding: allows ASCII, UTF-8 or any encoding configured in validator_cfg.yml (default: utf-8).
  • added -g to yara_validator_cli.py: suppresses the generation of id, fingerprint, version, first_imported or last_modified and will return invalid if those fields are missing.

CHANGES

  • @malvidin's pull requests #18 and #24 have been merged in, including many of the stylistic changes:
    • strips down the requirements.txt so that it no longer includes the items that will be installed when stix2 is installed
    • renames the cfg folder to stix2_patch
  • @BitsOfBinary made the suggestion of a yara_version optional metadata entry in pull request #29.
    • incorporated as "minimum_yara" using the existing valid_version()
  • more permissive values allowed for the value of info|exploit|technique|tool|malware (any non-lowercase UTF-8 characters, #28)
  • more permissive author values (include special characters, e.g. @, %)

BUG FIXES

  • fixed the entry for source in CCCS-YARA.yml: when source = "OPENSOURCE", a reference must be provided
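
The checks described by the -g item, the multi-rule item and the source fix above can be sketched as follows. This is an added example, not code from yara_validator_cli.py or yara_file_processor.py: the function name check_file, the regex-based rule splitting and the sample rules are assumptions made for illustration.

```python
import re

# Fields the release notes list as no longer generated under -g (so they must exist).
REQUIRED = ("id", "fingerprint", "version", "first_imported", "last_modified")

# Simplifying assumption: each rule closes with "}" at the start of its own line.
RULE_RE = re.compile(r"\brule\s+(\w+)[^{]*\{(.*?)\n\}", re.S)
META_BLOCK_RE = re.compile(r"\bmeta\s*:(.*?)(?=^\s*(?:strings|condition)\s*:)", re.S | re.M)
META_PAIR_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)

def check_file(text):
    """Return {rule_name: [problems]} for every rule in a multi-rule file."""
    results = {}
    for name, body in RULE_RE.findall(text):
        block = META_BLOCK_RE.search(body)
        meta = dict(META_PAIR_RE.findall(block.group(1))) if block else {}
        problems = [f"missing {field}" for field in REQUIRED if field not in meta]
        if meta.get("source") == "OPENSOURCE" and "reference" not in meta:
            problems.append("source OPENSOURCE requires reference")
        results[name] = problems
    return results

# Constructed sample: two rules in one file, all values are placeholders.
SAMPLE = '''
rule Complete_Rule {
    meta:
        id = "PLACEHOLDER-ID-1"
        fingerprint = "PLACEHOLDER-FINGERPRINT"
        version = "1.0"
        first_imported = "2000-01-01"
        last_modified = "2000-01-01"
        source = "OPENSOURCE"
        reference = "https://example.com/report"
    strings:
        $a = { 4D 5A }
    condition:
        $a at 0
}

rule Incomplete_Rule {
    meta:
        id = "PLACEHOLDER-ID-2"
        source = "OPENSOURCE"
    condition:
        true
}
'''

if __name__ == "__main__":
    print(check_file(SAMPLE))
```

An empty problem list means the rule would pass these particular checks; the real validator applies many more.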