Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update rule format documentation with dynamic details #851

Merged
merged 15 commits into from
Nov 29, 2023
Merged

update rule format documentation with dynamic details #851

merged 15 commits into from
Nov 29, 2023

Conversation

williballenthin
Copy link
Collaborator

documentation updates for mandiant/capa#1697

@williballenthin williballenthin added the documentation Improvements or additions to documentation label Nov 28, 2023
@williballenthin williballenthin mentioned this pull request Nov 28, 2023
Merged
18 tasks
@williballenthin williballenthin marked this pull request as ready for review November 29, 2023 12:33
@williballenthin
Copy link
Collaborator Author

@yelhamer please take a peek

mr-tz
mr-tz reviewed Nov 29, 2023
View reviewed changes
Copy link
Collaborator

@mr-tz mr-tz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just a few minor suggestions, thanks!

doc/format.md Outdated Show resolved Hide resolved
doc/format.md Outdated Show resolved Hide resolved
doc/format.md Outdated Show resolved Hide resolved
doc/format.md Outdated Show resolved Hide resolved
doc/format.md Outdated Show resolved Hide resolved
doc/format.md Outdated Show resolved Hide resolved
doc/format.md Outdated Show resolved Hide resolved
doc/format.md Outdated

In general, capa collects and merges the features from lower scopes into higher scopes;
for example, features extracted from individual instructions are merged into the function scope that contains the instructions.
This way, you can use the match results against instructions ("the constant X is for crypto algorithm Y") to recognize function-level capabilities ("crypto function Z").

| feature | static scope | dynamic scope |
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we better indicate that this is the lowest available scope? e.g. in the text or in the headings?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

image

better? worse?

doc/format.md Show resolved Hide resolved
doc/format.md Outdated Show resolved Hide resolved
mr-tz
mr-tz reviewed Nov 29, 2023
View reviewed changes
doc/format.md Outdated Show resolved Hide resolved
mr-tz
mr-tz reviewed Nov 29, 2023
View reviewed changes
doc/format.md Outdated Show resolved Hide resolved
mr-tz
mr-tz reviewed Nov 29, 2023
View reviewed changes
doc/format.md Outdated Show resolved Hide resolved
mr-tz
mr-tz approved these changes Nov 29, 2023
View reviewed changes
Copy link
Collaborator

@mr-tz mr-tz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

awesome, thanks! please squash when merging

@williballenthin williballenthin merged commit bdf01d6 into dynamic-rules-mr-2 Nov 29, 2023
1 check passed
@williballenthin williballenthin deleted the dynamic-syntax-doc branch November 29, 2023 13:24
@williballenthin
Copy link
Collaborator Author

good reminder, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mr-tz mr-tz mr-tz approved these changes

Assignees
No one assigned
Labels
documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@williballenthin @mr-tz