# Basic Rule Examples

{% hint style="danger" %}
Do not add YARA imports to your rules. Storm already includes them by default.
{% endhint %}

<details>

<summary>Basic String Based Rule</summary>

Checks if the specific string(s) below are found in the file's PE data.

```clike
rule example_detection_name { // Name of the detection
	meta:
	    rule_name = "Example Cheat" // name of the cheat
	    type = "Detect" // Warning or Detect
	strings: // Checks the pe data of a file
	    $string1 = "foobar" // String value
	condition:
	    $string1 // If text string is found, then flag
}
```

In this example, ***foobar*** is the string being searched for.

</details>

<details>

<summary>Basic Hex Based Rule</summary>

Checks if the specific hex value(s) below are found in the file's PE data.

```clike
rule example_detection_name { // Name of the detection
	meta:
	    rule_name = "Example Cheat" // name of the cheat
	    type = "Warning" // Warning or Detect
	strings: // Checks the pe data of a file
	    $hex_string = { 48 89 E5 55 48 83 EC 10 } // Hex value
	condition:
	    $hex_string // If hex string is found, then flag
}
```

In this example, ***48 89 E5 55 48 83 EC 10*** is the hex value being searched for.

</details>

<details>

<summary>Basic String and Hex Based Rule</summary>

```clike
rule example_detection_name { // Name of the detection
	meta:
	    rule_name = "Example Cheat" // name of the cheat
	    type = "Detect" // Warning or Detect
	strings: // Checks the pe data of a file
	    $string1 = "foobar" // String value
	    $string2 = { 48 89 E5 55 48 83 EC 10 } // Hex value
	condition:
	    $string1 and $string2 // If both string and hex are found, flag
}
```

</details>
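
A pre-submission check for the conventions shown in the examples above, as an added example (not Storm's own code): it flags `import` lines, a missing `rule_name`, a `type` other than `Detect` or `Warning`, and string identifiers on which the `strings:` section and the condition disagree. The function names and sample rules are constructed for illustration, and treating `rule_name` and `type` as required is an assumption drawn from the examples.

```python
import re

ALLOWED_TYPES = {"Detect", "Warning"}  # the two values the page's comments name

def strip_comments(text):
    """Remove // comments, leaving any // inside a quoted string alone."""
    return re.sub(r'("(?:\\.|[^"\\])*")|//[^\n]*', lambda m: m.group(1) or "", text)

def lint_rule(text):
    """Return the list of problems found in one rule's source text."""
    src = strip_comments(text)
    problems = []
    if re.search(r'^\s*import\s+"', src, re.M):
        problems.append("import statement present")
    m = re.search(r'\bmeta\s*:(.*?)\b(?:strings|condition)\s*:', src, re.S)
    meta = dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', m.group(1))) if m else {}
    if not meta.get("rule_name"):  # assumption: every rule names its detection
        problems.append("meta rule_name missing")
    if meta.get("type") not in ALLOWED_TYPES:
        problems.append("meta type is not Detect or Warning")
    body, _, cond = src.partition("condition:")
    declared = set(re.findall(r'(\$\w+)\s*=', body))
    used = set(re.findall(r'\$\w+', cond))
    for name in sorted(used - declared):
        problems.append(f"{name} used in condition but not declared")
    if not re.search(r'\bthem\b', cond):  # "them" references every string
        for name in sorted(declared - used):
            problems.append(f"{name} declared but never referenced")
    return problems

# Constructed samples: GOOD mirrors the combined rule above, BAD breaks each check.
GOOD = '''rule example_detection_name {
    meta:
        rule_name = "Example Cheat"
        type = "Detect"
    strings:
        $string1 = "foobar"
        $string2 = { 48 89 E5 55 48 83 EC 10 }
    condition:
        $string1 and $string2
}'''
BAD = 'import "pe"\n' + GOOD.replace('"Detect"', '"Flag"').replace("and $string2", "and $string3")

if __name__ == "__main__":
    for label, rule in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_rule(rule) or "ok")
```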

{% hint style="info" %}
Storm also supports other module rules such as recursive, boolean, tags, classification, ranges, binary data matching, and much more. Your imagination is your limit.
{% endhint %}


