Rules within this directory were created by the Google SecOps team and members of the Google Cloud Security Community. These rules take advantage of the latest YARA-L syntax and are provided as examples that can be customized to fit your organization's unique environment or serve as inspiration for your detection use cases.
The detection logic for many of these rules is quite broad. Enabling all of these rules in SecOps without careful review, testing, and customization is strongly discouraged.