It would be really helpful if the rules manager supported rule exclusions. These aren't in YARA-L format, and instead are a chain of conditional statements in text format like: (principal.process.command_line = /foo/) AND (principal.process.command_line = /bar/).

The CLI would need to support reading the text-format files plus assigning the exclusion to existing rules. Hope there's an API for this, because it would be great to be able to have these in code!