Hello Yara Users,
I am exploring Yara to build a rules engine where each rule has a priority
attached along with an associated action. Sharing an example list of rules
below for context.
Rule-A { priority: 1, conditions { ... }, action: allow }
Rule-B { priority: 2, conditions { ... }, action: allow }
Rule-C { priority: 3, conditions { ... }, action: deny }
Input for rules evaluation can match multiple rules. Let's say in the above
example both Rule-B & Rule-C are a match. Since Rule-B has higher priority
(lower priority value equals higher priority) the result action to return
is "allow".
I am looking for comments / suggestions on whether it is feasible to model
rule priority in Yara (not just by mere location of where the rule appears
in the yara file)?
Thanks,
Sridhar BV
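
One way to get the behaviour asked about above, as an added example that is not part of the original post: priority and action are stored in each rule's `meta` section, and the calling program picks the winner from the matches yara-python returns. Assumptions: the meta keys `priority` and `action`, the rule names (written `Rule_A` because YARA identifiers cannot contain hyphens), the placeholder strings, the default action, and the helper names are all constructed for illustration.

```python
"""Added example: rule priority carried in YARA meta, resolved by the caller."""
from types import SimpleNamespace

# Constructed rules: the strings and conditions are placeholders.
RULES_SOURCE = r'''
rule Rule_A { meta: priority = 1 action = "allow" strings: $a = "alpha" condition: $a }
rule Rule_B { meta: priority = 2 action = "allow" strings: $b = "bravo" condition: $b }
rule Rule_C { meta: priority = 3 action = "deny" strings: $c = "charlie" condition: $c }
'''

DEFAULT_ACTION = "deny"  # assumption: result when no rule matches


def resolve(matches, default=DEFAULT_ACTION):
    """Return (rule_name, action) for the match with the lowest priority value.

    `matches` is any iterable of objects exposing `.rule` and `.meta`, as
    yara-python Match objects do. Matches lacking an integer priority or a
    string action are ignored; ties break on rule name for determinism.
    """
    ranked = []
    for m in matches:
        prio = m.meta.get("priority")
        action = m.meta.get("action")
        if isinstance(prio, int) and not isinstance(prio, bool) and isinstance(action, str):
            ranked.append((prio, m.rule, action))
    if not ranked:
        return (None, default)
    _, name, action = min(ranked)
    return (name, action)


def evaluate(data: bytes):
    """Compile RULES_SOURCE with yara-python and resolve the matches for data."""
    import yara  # third-party package: yara-python
    rules = yara.compile(source=RULES_SOURCE)
    return resolve(rules.match(data=data))


def sample_matches():
    """Constructed stand-ins for the post's scenario: Rule-B and Rule-C match."""
    return [
        SimpleNamespace(rule="Rule_C", meta={"priority": 3, "action": "deny"}),
        SimpleNamespace(rule="Rule_B", meta={"priority": 2, "action": "allow"}),
    ]


if __name__ == "__main__":
    print(resolve(sample_matches()))
```

The result does not depend on where a rule appears in the file or on the order in which matches are reported, because `resolve` ranks on the meta value alone.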