rf-detection-rules
Search detection rules from Recorded Future.
Syntax
rf-detection-rules [profile=PROFILE] [type=TYPE] [title=TITLE] [pretty=PRETTY]
- profile=PROFILE
  - Optional. Recorded Future connect profile code
- type=TYPE
  - Optional. Rule type filter (yara, sigma, snort)
- title=TITLE
  - Optional. Title filter (substring match)
- pretty=PRETTY
  - Optional. Join entities with comma (t/f). Default: f
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| doc_id | String | Doc ID | Document ID |
| type | String | Type | Rule type (yara, sigma, snort) |
| title | String | Title | Rule title |
| file_name | String | File Name | Rule file name |
| created | Date | Created | Creation time |
| updated | Date | Updated | Last update time |
| tags | List | Tags | Related tags (string if pretty=t) |
| content | String | Content | Rule content |
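
Added example (not part of the original reference or of any Recorded Future or vendor code): one way to write the returned rules to per-type directories for deployment, treating file_name as untrusted input and accepting tags in either form. It assumes the output rows have been exported as dictionaries keyed by the field names above and that tags contain no embedded commas when pretty=t; the function names and sample rows are hypothetical.

```python
import re
import tempfile
from pathlib import Path

RULE_TYPES = {"yara", "sigma", "snort"}  # the rule types this command documents
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")  # bare file name, no separators

def normalize_tags(tags):
    """Return tags as a list: a list by default, a comma-joined string with pretty=t."""
    if isinstance(tags, str):
        return [t.strip() for t in tags.split(",") if t.strip()]
    return [str(t) for t in (tags or [])]

def target_path(row, base_dir):
    """Map one output row to base_dir/<type>/<file_name>; raise ValueError if unsafe."""
    rule_type = str(row.get("type", "")).lower()
    if rule_type not in RULE_TYPES:
        raise ValueError(f"unexpected rule type {rule_type!r}")
    name = str(row.get("file_name", ""))
    # file_name comes from an external feed: reject anything that is not a bare name.
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"unsafe file name {name!r}")
    return Path(base_dir) / rule_type / name

def write_rules(rows, base_dir):
    """Write each row's content to disk; return (written paths, rejected doc_ids)."""
    written, rejected = [], []
    for row in rows:
        try:
            path = target_path(row, base_dir)
        except ValueError:
            rejected.append(row.get("doc_id"))
            continue
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(row.get("content", ""), encoding="utf-8")
        written.append(path)
    return written, rejected

# Constructed sample rows (assumed export shape, not real Recorded Future data).
SAMPLE_ROWS = [
    {"doc_id": "doc:example-1", "type": "yara", "file_name": "example_rule.yar",
     "tags": ["Example Tag A", "Example Tag B"],
     "content": "rule example { condition: false }\n"},
    {"doc_id": "doc:example-2", "type": "sigma", "file_name": "../../etc/cron.d/x",
     "tags": "Example Tag A, Example Tag B", "content": "title: example\n"},
]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ok, bad = write_rules(SAMPLE_ROWS, tmp)
        print([p.relative_to(tmp).as_posix() for p in ok], bad)
```

Rejected doc_id values are returned instead of silently skipped so they can be reviewed before the rule set is deployed.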