# local.d/external_services_group.conf

description = "Oletools content rules";
symbols = {
  "OLETOOLS" {
    weight = 1.0;
    description = "OLETOOLS found a Macro";
    one_shot = true;
  },
  "OLETOOLS_MACRO_FOUND" {
    weight = 0.0;
    one_shot = true;
  },
  "OLETOOLS_AUTOEXEC" {
    weight = 0.0;
    one_shot = true;
  },
  "OLETOOLS_SUSPICIOUS" {
    weight = 0.0;
    one_shot = true;
  },
  "OLETOOLS_VBASTOMP" {
    weight = 0.0;
    one_shot = true;
  },
  "OLETOOLS_A" {
    weight = 0.0;
    one_shot = true;
  },
  "OLETOOLS_W" {
    weight = 0.0;
    one_shot = true;
  },
  "OLETOOLS_X" {
    weight = 0.0;
    one_shot = true;
  },
}