quaxar-yara-rules
List YARA detection rules from S2W Quaxar service.
Syntax
quaxar-yara-rules [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [actors=ACTORS] [malwares=MALWARES] [authors=AUTHORS] [pretty=PRETTY]
Options
- profile=PROFILE
  - Optional. QUAXAR connect profile code.
- duration=NUM{mon|w|d|h|m|s}
  - Optional. Scan only recent data. Use the s (second), m (minute), h (hour), d (day), w (week) or mon (month) time unit.
- from=yyyyMMddHHmmss
  - Optional. Start of the time range, in yyyyMMddHHmmss format. If the time part is omitted, it is zero-padded.
- to=yyyyMMddHHmmss
  - Optional. End of the time range, in yyyyMMddHHmmss format. If the time part is omitted, it is zero-padded.
- actors=ACTORS
  - Optional. Comma-separated threat actor filter.
- malwares=MALWARES
  - Optional. Comma-separated malware filter.
- authors=AUTHORS
  - Optional. Comma-separated author filter.
- pretty=PRETTY
  - Optional. Set to t to enable pretty printing with line breaks (default: f).
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| profile | String | Connect profile | Profile name of QUAXAR |
| id | String | ID | SIGV rule ID |
| type | String | Type | Detection rule type |
| name | String | Name | Rule name |
| description | String | Description | |
| created | Date | Created | Creation time |
| modified | Date | Modified | Last modified time |
| author | String | Author | Rule author |
| pattern | String | Pattern | Detection pattern |
| threat_actors | String | Threat actors | Newline-separated names |
| malwares | String | Malwares | Newline-separated names |
| campaigns | String | Campaigns | Newline-separated names |
| quaxar_links | String | QXR links | Newline-separated URLs |
| references | String | References | Newline-separated references |
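An added example (not code from the Quaxar service or from this command) that applies the option rules above: it validates duration= units, zero-pads from=/to= timestamps as the Options describe, assembles the query line, and splits the newline-separated output fields from the table into lists. The 30-day month, the bool for pretty=, and the way the query line is assembled are assumptions.

```python
import re
from datetime import datetime, timedelta

# Units from duration=NUM{mon|w|d|h|m|s}. A month is taken as 30 days here;
# that length is an assumption, the page only names the unit.
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400,
                "w": 7 * 86400, "mon": 30 * 86400}
TIMESTAMP_RE = re.compile(r"\d{8}(\d{2}){0,3}")   # yyyyMMdd plus optional HH, mm, ss
LIST_FIELDS = ("threat_actors", "malwares", "campaigns", "quaxar_links", "references")

def parse_duration(value):
    """'2w' -> timedelta(weeks=2); any other shape raises ValueError."""
    m = re.fullmatch(r"(\d+)(mon|w|d|h|m|s)", value)
    if not m:
        raise ValueError(f"bad duration: {value!r}")
    return timedelta(seconds=int(m.group(1)) * UNIT_SECONDS[m.group(2)])

def parse_timestamp(value):
    """yyyyMMddHHmmss; an omitted time part is zero-padded, as the options state."""
    if not TIMESTAMP_RE.fullmatch(value):
        raise ValueError(f"bad timestamp: {value!r}")
    return datetime.strptime(value.ljust(14, "0"), "%Y%m%d%H%M%S")

def build_query(**opts):
    """Validate option values and assemble the query line (filters as lists, pretty as bool)."""
    parts = ["quaxar-yara-rules"]
    if "duration" in opts:
        parse_duration(opts["duration"])            # reject malformed values early
        parts.append(f"duration={opts['duration']}")
    for key in ("from", "to"):
        if key in opts:                             # emit the fully padded form
            parts.append(f"{key}={parse_timestamp(opts[key]).strftime('%Y%m%d%H%M%S')}")
    for key in ("actors", "malwares", "authors"):
        if opts.get(key):
            parts.append(f"{key}={','.join(opts[key])}")
    if opts.get("pretty"):
        parts.append("pretty=t")
    return " ".join(parts)

def split_list_fields(row):
    """Turn the newline-separated output fields into lists; other fields stay as they are."""
    out = dict(row)
    for key in LIST_FIELDS:
        if key in out:
            out[key] = [v for v in out[key].split("\n") if v]
    return out
```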