yara-x 1.15.0

A pure Rust implementation of YARA.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

// THIS FILE IS GENERATED AUTOMATICALLY. DO NOT EDIT.
// LINT: LEGACY_NAMES

syntax = "proto3";

package vt.sigma;

import "vt/filetypes.proto";

message SigmaMatch {
  repeated SigmaMatchContext match_context = 1;
  vt.sigma.SigmaRule.Level rule_level = 2;
  string rule_id = 3;
  string rule_source = 4;
  string rule_title = 5;
  string rule_description = 6;
  string rule_author = 7;
}

message SigmaMatchContext {
  map<string, string> values = 1;
}

message SigmaRule {
  enum Level {
    unknown = 0;
    low = 1;
    medium = 2;
    high = 3;
    critical = 4;
  }

  string rule = 1;
  string title = 2;
  LogSource log_source = 3;
  string status = 4;
  string description = 5;
  repeated string references = 6;
  repeated string fields = 7;
  repeated string false_positives = 8;
  vt.sigma.SigmaRule.Level level = 9;
  string source = 10;
  repeated string tags = 11;
  Detection detection = 12;
  string author = 13;
  string source_url = 14;
}

message LogSource {
  string category = 1;
  string product = 2;
  string service = 3;
  string definition = 4;
}

message Detection {
  string condition = 1;
  map<string, string> details = 2;
}