ATLAS Support for Visual Studio Code
ATLAS is a rule-based approach for describing malware or kill-chain analysis. It is a way to store and share that analysis in an actionable form. For more information about ATLAS, see the GitHub repository.
With this extension, VSCode gains support for ATLAS rules.
An ATLAS rule can contain scripts in base64-encoded form to ease storage and sharing. This decision comes with a penalty: you must base64 encode and decode the scripts many times during development.
The most important feature of this extension is to automatically create and update scripts from the folder. Beyond that, it offers basic completion, hovers, and a snippet.
The extension can be installed directly from the VSCode Marketplace.
Create and fill the scripts section
As the name suggests, this command forms the scripts section automatically.
Sync the scripts section
Traverses all the keys inside the scripts section and tries to get the latest version of each to update its record.
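The create-then-sync flow described above, as an added Python example that is not the extension's own code. It assumes the scripts section maps a file name to the base64 of that file's contents; the function names, status labels, and sample files are constructed for illustration.

```python
import base64
import tempfile
from pathlib import Path


def encode(path: Path) -> str:
    return base64.b64encode(path.read_bytes()).decode("ascii")


def create_scripts(folder: Path) -> dict:
    """One key per file in the folder, value = base64 of the file's bytes."""
    return {p.name: encode(p) for p in sorted(folder.iterdir()) if p.is_file()}


def sync_scripts(scripts: dict, folder: Path) -> dict:
    """Refresh existing keys from disk and return a per-key status.

    Sync only updates: a key whose file is gone keeps its stored value, and
    a key that resolves outside the folder is refused, since rules are shared
    and a key such as "../x" would otherwise pull in an unrelated local file.
    """
    root, status = folder.resolve(), {}
    for key in scripts:
        path = (root / key).resolve()
        if root not in path.parents:
            status[key] = "rejected"
        elif not path.is_file():
            status[key] = "missing"
        else:
            latest = encode(path)
            status[key] = "unchanged" if latest == scripts[key] else "updated"
            scripts[key] = latest
    return status


def demo():
    """Constructed sample: two scripts, one edited and one deleted before sync."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "decode.py").write_bytes(b"def run(d):\n    return d[::-1]\n")
        (folder / "parse.py").write_bytes(b"def run(d):\n    return d.split()\n")
        scripts = create_scripts(folder)
        scripts["../outside.py"] = ""  # constructed key pointing outside the folder
        (folder / "decode.py").write_bytes(b"def run(d):\n    return d.upper()\n")
        (folder / "parse.py").unlink()
        return scripts, sync_scripts(scripts, folder)


if __name__ == "__main__":
    print(demo()[1])
```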
The chain section of an ATLAS rule consists of sub-chains. A sub-chain, in turn, can contain a few keys: input, func, and expect.
As described above, there are functions for the func and expect keys, and each has a purpose and a syntax. The extension shows information about the function under the mouse cursor.
While executing the Create and fill the scripts section or Sync the scripts section commands, the extension records the details of those custom entry points. It then shows information about the function under the mouse cursor.
The extension comes with a snippet, a basic ATLAS rule for starting new development.
If you encounter an issue with the extension, feel free to create an issue or pull request!