update documentation and metadata

README.md

@@ -0,0 +1,21 @@
+# CVE-2022-26809
+
+Detection of attempts and successful exploitation of
+[CVE-2022-26809](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809),
+a remote code execution vulnerability over DCE/RPC. This package is described in
+detail in [this Corelight blogpost](#). This package generates the following notices:
+
+* `CVE_2022_26809::ExploitAttempt`, and
+* `CVE_2022_26809::ExploitSuccess`
+
+The first is generated when an attack is attempted, but does not necessarily
+succeed. The second is fired only when a successful exploit is detected and
+should be investigated immediately. No new logs are generated. This package can
+be installed with `zkg` using the following commands:
+
+```
+$ zkg refresh
+$ zkg install cve-2022-26809
+```
+
+Corelight customers can install it by updating the CVE bundle.

zkg.meta

@@ -1,17 +1,13 @@
 [package]
 script_dir = scripts
 test_command = cd testing && btest -c btest.cfg
-summary = TODO: A summary of FooBar in one line
-description = TODO: A more detailed description of FooBar.
-	It can span multiple lines, with this indentation.
+summary = Detects attempts and exploits of CVE-2022-26809
+description = CVE-2022-26809 is a DCE/RPC RCE exploit.
+	This package detects both attempts and successful exploits.
 depends = 
 	zeek >=4.0.0
 
 [template]
 source = package-template
 version = v0.99.0
 zkg_version = 2.12.0
-
-[template_vars]
-name = FooBar
-