Scripts
Scripts component allows you to create rules based on properties of executed script exposed by AMSI.
This component has two properties:
Property |
Type |
Description |
|---|---|---|
Script |
String |
Script received by ESET PROTECT On-Prem via AMSI intergration |
ScriptLength |
Int |
Length of the script (count of characters) |
ScriptSha1 |
Hash |
SHA1 hash of the script fragment |
ScriptSha256 |
Hash |
SHA256 hash of the script fragment |
Example:
<rule> <definition> <operations> <operation type="Scripts"> <condition component="Scripts" property="ScriptLength" condition="greaterOrEqual" value="15" /> </operation> </operations> </definition> <description> <name>amsiTriggerScriptLength</name> <category>TEST</category> </description> </rule> |
Supported Operations and their components:
|
Scripts |
|---|---|
Scripts |
X |