> For the complete documentation index, see [llms.txt](https://docs.stormss.cc/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.stormss.cc/fundamentals/custom-yara/basic-rule-examples.md).

# Basic Rule Examples

{% hint style="danger" %}
Do not add YARA imports to your rules. They are by default implemented into Storm.
{% endhint %}

<details>

<summary>Basic String Based Rule</summary>

Checks if the specific string(s) below are found in the file's PE data.

<pre class="language-clike"><code class="lang-clike"><strong>rule example_detection_name { // Name of the detection
</strong>	meta:
	    rule_name = "Example Cheat" // name of the cheat
	    type = "Detect" // Warning or Detect
	strings: // Checks the pe data of a file
	    $string1 = "foobar" // String value
	condition:
	    $string1 // If text string is found, then flag
}
</code></pre>

In this example, ***foobar*** is the string being searched.

</details>

<details>

<summary>Basic Hex Based Rule</summary>

Checks if the specific hex value(s) below are found in the file's PE data.

```clike
rule example_detection_name { // Name of the detection
	meta:
	    rule_name = "Example Cheat" // name of the cheat
	    type = "Warning" // Warning or Detect
	strings: // Checks the pe data of a file
	    $hex_string = { 48 89 E5 55 48 83 EC 10 } // Hex value
	condition:
	    $hex_string // If hex string is found, then flag
}
```

In this example, the hex value ***48 89 E5 55 48 83 EC 10*** is the hex value being searched.

</details>

<details>

<summary>Basic String and Hex Based Rule</summary>

```clike
rule example_detection_name { // Name of the detection
	meta:
	    rule_name = "Example Cheat" // name of the cheat
	    type = "Detect" // Warning or Detect
	strings: // Checks the pe data of a file
	    $string1 = "foobar" // String value
	    $string2 = { 48 89 E5 55 48 83 EC 10 } // Hex value
	condition:
	    $string1 and $string2 // If both string and hex are found, flag
}
```

</details>

{% hint style="info" %}
Storm also supports other module rules such as recursive, boolean, tags, classification, ranges, binary data matching, and much more. Your imagination is your limit.
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.stormss.cc/fundamentals/custom-yara/basic-rule-examples.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.