@stvemillertime
Forked from wxsBSD/sets.md
Created April 29, 2022 15:05
Example of using rule sets to write higher order logic
```
wxs@wxs-mbp yara % cat rules/sets.yara
rule a0 { condition: false }
rule a1 { condition: true }
rule b { condition: 1 of (a*) }
rule c { condition: 2 of (a*) }
rule d { condition: 50% of (a*) }
rule e { condition: 1 of (a1) }
rule f { condition: all of (a1, e) }
wxs@wxs-mbp yara %
wxs@wxs-mbp yara % ./yara rules/sets.yara /bin/ls
a1 /bin/ls
b /bin/ls
d /bin/ls
e /bin/ls
f /bin/ls
wxs@wxs-mbp yara %
```
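An added example, not part of the original gist: the same rule-set syntax applied to detection, where several low-confidence trait rules feed composite rules that carry the actual verdict. The rule names and strings are constructed for illustration, and the file assumes YARA 4.2.0 or later.

```yara
// Constructed trait rules: each one alone is a weak signal.
rule trait_ps_encoded_command
{
    strings:
        $s = "-EncodedCommand" ascii wide nocase
    condition:
        $s
}

rule trait_ps_hidden_window
{
    strings:
        $s = "-WindowStyle Hidden" ascii wide nocase
    condition:
        $s
}

rule trait_ps_policy_bypass
{
    strings:
        $s = "-ExecutionPolicy Bypass" ascii wide nocase
    condition:
        $s
}

rule trait_ps_download_cradle
{
    strings:
        $s1 = "Net.WebClient" ascii wide nocase
        $s2 = "DownloadString" ascii wide nocase
    condition:
        all of them
}

// Wildcard rule set, as in rules b, c and d above: at least two traits must match.
// The trait rules have to be defined earlier in the file than this rule.
rule script_multiple_ps_traits
{
    condition:
        2 of (trait_ps_*)
}

// Explicit rule set, as in rule f above, combined with a plain rule reference.
rule script_download_with_evasion
{
    condition:
        trait_ps_download_cradle and
        any of (trait_ps_hidden_window, trait_ps_policy_bypass)
}
```

A file containing only one of the trait strings reports that single trait rule and neither composite, in the same way rule c stays silent in the session above.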