Debugging for /lookup command #229

IlluminatiFish · 2024-03-26T16:15:46Z

The /lookup command should have a debug argument so that rule developers and maintainers can access matches in an non-intrusive way.

Ideally the lookup command in debug mode will return a list of files that were matched against the highest weighted rules.

For example:

+==============+==============+==========================+
|     File     | Matched Rule |      Match Metadata      |
+==============+==============+==========================+
| Activate.ps1 | some_rule_1  | line {lineno} - {string} |
+--------------+--------------+--------------------------+
| __init__.py  | some_rule_2  | line {lineno} - {string} |
+--------------+--------------+--------------------------+

Files that match some_rule_1 which has a weight of 10 will appear above files that match some_rule_2 that have a weight of 8

The text was updated successfully, but these errors were encountered:

jonathan-d-zhang · 2024-03-26T17:10:05Z

This will need to wait for match information to be tracked in both mainframe and the clients.

IlluminatiFish added the enhancement New feature or request label May 15, 2024

IlluminatiFish assigned jonathan-d-zhang May 15, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Debugging for /lookup command #229

Debugging for /lookup command #229

IlluminatiFish commented Mar 26, 2024

jonathan-d-zhang commented Mar 26, 2024

Debugging for /lookup command #229

Debugging for /lookup command #229

Comments

IlluminatiFish commented Mar 26, 2024

jonathan-d-zhang commented Mar 26, 2024