Scripts
Scripts component allows you to create rules based on properties of executed script exposed by AMSI.
Property |
Type |
Description |
|---|---|---|
Script |
String |
Script received by ESET PROTECT On-Prem via AMSI intergration |
ScriptLength |
Int |
Length of the script (count of characters) |
ScriptSha1 |
Hash |
SHA1 hash of the script fragment |
ScriptSha256 |
Hash |
SHA256 hash of the script fragment |
Example
<rule> <definition> <operations> <operation type="Scripts"> <condition component="Scripts" property="ScriptLength" condition="greaterOrEqual" value="15" /> </operation> </operations> </definition> <description> <name>amsiTriggerScriptLength</name> <category>TEST</category> </description> </rule> |
Supported operations
•Scripts