[
{
"rulename": "ramnit",
"if": {
"malware.name": "ramnit-.*$"
},
"then": {
"classification.identifier": "ramnit"
}
},
{
"rulename": "default",
"if": {
"malware.name": ".*",
"classification.taxonomy": "malicious code",
"classification.identifier": ""
},
"then": {
"classification.identifier": "{msg[malware.name]}"
}
}
]