Score tuning for RMM rules #63
Open
Description
Would be great to have a rule which reduces the score to 60 if "RMM" is in the rule description, because that's usually PUA.
```
$ grep RMM yara-rules-full.yar |grep descr
      description = "Detects MeshAgent. Review RMM Inventory"
      description = "Detects Mesh Agent by (default) certificate. Review RMM Inventory"
      description = "Detects ConnectWise Control (formerly ScreenConnect). Review RMM Inventory"
      description = "Detects ConnectWise Control (formerly ScreenConnect) by (default) certificate. Review RMM Inventory"
      description = "Detects FleetDeck Agent. Review RMM Inventory"
      description = "Detects FleetDeck Commander. Review RMM Inventory"
      description = "Detects FleetDeck Commander SVC. Review RMM Inventory"
      description = "Detects FleetDeck Commander Launcher. Review RMM Inventory"
      description = "Detects FleetDeck agent by (default) certificate. Review RMM Inventory"
      description = "Detects PDQ Connect Agent. Review RMM Inventory"
      description = "Detects PDQ Connect Agent by (default) certificate. Review RMM Inventory"
      description = "Detects PulseWay by (default) certificate. Review RMM Inventory"
      description = "Detects Atera. Review RMM Inventory"
      description = "Detects Atera by certificate. Review RMM Inventory"
      description = "Detects Splashtop Streamer. Review RMM Inventory"
      description = "Detects Splashtop Streamer by certificate. Review RMM Inventory"
      description = "Detects AeroAdmin. Review RMM Inventory"
      description = "Detects AeroAdmin by certificate. Review RMM Inventory"
      description = "Detects DWAgent by certificate. Review RMM Inventory"
      description = "Detects TacticalRMM installer"
```
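One way to express the requested tuning, as an added example that is not part of the original issue or the project's own code: a post-processing pass that lowers the `score` meta value to 60 for any rule whose description contains "RMM". It assumes each rule carries an integer `score` meta field in a multi-line `meta:` section; the rule names, the sample scores and the function `tune_rmm_scores` are hypothetical.

```python
import re

RMM_SCORE_CAP = 60  # value proposed in the issue
# Constructed sample: rule names and scores are made up; two descriptions are from the issue.
SAMPLE_RULES = '''
rule Sample_MeshAgent {
    meta:
        description = "Detects MeshAgent. Review RMM Inventory"
        score = 75
    condition: true
}
rule Sample_TacticalRMM {
    meta:
        description = "Detects TacticalRMM installer"
        score = 50
    condition: true
}
rule Sample_Unrelated {
    meta:
        description = "Constructed rule with no remote management wording"
        score = 80
    condition: true
}
'''

RULE_START = re.compile(r"(?m)^(?=(?:(?:private|global)\s+)*rule\s+\w+)")
RULE_NAME = re.compile(r"rule\s+(\w+)")
META = re.compile(r"(?ms)^\s*meta:(.*?)^\s*(?:strings|condition):")
DESC = re.compile(r'(?m)^\s*description\s*=\s*"((?:[^"\\]|\\.)*)"')
SCORE = re.compile(r"(?m)^(\s*score\s*=\s*)(\d+)")

def tune_rmm_scores(rules_text, cap=RMM_SCORE_CAP):
    """Lower meta 'score' to cap for rules whose description contains "RMM".
    Returns (new_text, {rule_name: (old, new)}); lower or missing scores stay untouched."""
    out, changed = [], {}
    for chunk in RULE_START.split(rules_text):  # one chunk per rule
        meta = META.search(chunk)
        desc = DESC.search(meta.group(1)) if meta else None
        score = SCORE.search(meta.group(1)) if desc and "RMM" in desc.group(1) else None
        if score and int(score.group(2)) > cap:  # only ever reduce, never raise
            lo, hi = (meta.start(1) + p for p in score.span(2))
            chunk = chunk[:lo] + str(cap) + chunk[hi:]
            changed[RULE_NAME.search(chunk).group(1)] = (int(score.group(2)), cap)
        out.append(chunk)
    return "".join(out), changed

if __name__ == "__main__":
    print(tune_rmm_scores(SAMPLE_RULES)[1])
```

The substring match deliberately includes "TacticalRMM", as the `grep RMM` in the issue does; the returned mapping gives a reviewable list of every rule whose score was changed.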