From a6ee59370842def927074700244f9d5b85b1c42b Mon Sep 17 00:00:00 2001 From: raviteja7 Date: Tue, 22 Nov 2016 15:30:40 -0500 Subject: [PATCH] Update writingrules.rst --- docs/writingrules.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/writingrules.rst b/docs/writingrules.rst index 82a0dd0bec..2fc57c4fd1 100644 --- a/docs/writingrules.rst +++ b/docs/writingrules.rst @@ -70,7 +70,7 @@ Rules are generally composed of two sections: strings definition and condition. The strings definition section can be omitted if the rule doesn't rely on any string, but the condition section is always required. The strings definition section is where the strings that will be part of the rule are defined. Each -string has an identifier consisting in a $ character followed by a sequence of +string has an identifier consisting of a $ character followed by a sequence of alphanumeric characters and underscores, these identifiers can be used in the condition section to refer to the corresponding string. Strings can be defined in text or hexadecimal form, as shown in the following example:: @@ -94,7 +94,7 @@ The condition section is where the logic of the rule resides. This section must contain a boolean expression telling under which circumstances a file or process satisfies the rule or not. Generally, the condition will refer to previously defined strings by using their identifiers. In this context the string -identifier acts as a boolean variable which evaluate to true of the string was +identifier acts as a boolean variable which evaluate to true if the string was found in the file or process memory, or false if otherwise. Comments
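Review bot: In the first hunk (docs/writingrules.rst, the strings definition paragraph), the sentence being corrected still has a comma splice in the context line that follows the change: "alphanumeric characters and underscores, these identifiers can be used in the". Since this sentence is already being touched, end it after "underscores" and start a new one with "These identifiers can be used in the condition section", which means including that following line in the hunk.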
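Review bot: In the second hunk (the condition section paragraph), the added line fixes "of" to "if" but keeps "which evaluate", which does not agree with the singular subject "the string identifier"; it should read "identifier acts as a boolean variable which evaluates to true if the string was". The context line after it, "found in the file or process memory, or false if otherwise.", would read more cleanly as "or false otherwise" and could be corrected in the same patch.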