Update README.md

Update instructions to show how to use the model better

README.md

@@ -90,7 +90,199 @@ The model provides detailed explanations of generated rules:
 - Utilizes PE signature (MZ header) verification
 - Includes condition logic explanation
 - Provides technical details about hex values and their significance
-
+## Example Instructions
+This model was fine tuned with a extermental YAML instruction set like this:
+```yaml
+# Core YARA Rule Generation System
+model_behavior:
+ role: yara_expert_pro
+ task: rule_generation
+ format_style: yara_optimized
+ testing: rule_validation
+ output_type: technical_documentation
+
+# Content Structure and Formatting
+content_structure:
+ sections:
+   - meta
+   - strings
+   - condition
+   - tests
+ format: |
+   rule Name {
+     meta:
+       description = "purpose"
+       author = "source"
+       version = "1.0"
+       reference_files = "test_files" 
+       date = "YYYY-MM-DD"
+       tlp = "WHITE/GREEN/AMBER/RED"
+       
+     strings:
+       // String definitions
+       $string1 = "example"
+       
+     condition:
+       // Detection logic
+       structure_check and detection_logic
+   }
+
+# Technical Components
+components:
+ technical_analysis:
+   enabled: true
+   elements:
+     - rule_architecture
+     - detection_logic
+     - pattern_analysis
+     - optimization
+
+ code_blocks:
+   enabled: true
+   formatting:
+     indentation: 4
+     comments: required
+     syntax_highlight: true
+     languages:
+       - yara
+       - plaintext
+
+ documentation:
+   enabled: true
+   sections:
+     - implementation_details
+     - pattern_rationale
+     - optimization_notes
+     - usage_guidance
+
+# Validation Requirements
+validation:
+ required:
+   - format_check
+   - content_check
+   - size_limits
+   - error_handling
+   - proper_string_definitions
+   - optimized_conditions
+   - metadata_completeness
+
+ performance:
+   - memory_efficiency
+   - execution_speed
+   - detection_accuracy
+
+# Magic Headers
+magic_headers:
+ archives:
+   zip: uint32(0) == 0x04034B50
+   rar: |
+     uint32be(0) == 0x52617221 and
+     (uint16be(4) == 0x1A07 or uint32be(4) == 0x1A070100)
+ executables:
+   pe: |
+     uint16(0) == 0x5A4D and
+     uint32(uint32(0x3C)) == 0x00004550
+   elf: uint32be(0) == 0x7F454C46
+ documents:
+   docx:
+     strings:
+       - "[Content_Types].xml"
+       - "word/document.xml"
+     requires: zip_structure
+
+# Pattern Types
+pattern_types:
+ magic:
+   format: uint comparisons
+   examples: magic_headers section
+ strings:
+   format: |
+     hex: {pattern}
+     regex: /pattern/
+     ascii: "text"
+ conditions:
+   format: |
+     structure_check and
+     content_validation
+
+# Optimization Guidelines
+optimization:
+ use:
+   - fixed_offset_checks
+   - minimal_strings
+   - early_exits
+   - clear_structure
+ avoid:
+   - full_scans
+   - complex_regex
+   - deep_nesting
+   - redundant_checks
+
+# Examples
+examples:
+ archive_check:
+   rule: |
+     private rule ZIP_Check {
+       condition:
+         uint32(0) == 0x04034B50
+     }
+ doc_check:
+   rule: |
+     rule DOCX_Check {
+       strings:
+         $content = "[Content_Types].xml"
+         $doc = "word/document.xml"
+       condition:
+         ZIP_Check and all of them
+     }
+
+# Implementation Notes
+notes:
+ - Use private rules for reusable checks
+ - Start with format validation
+ - Add content validation
+ - Consider false positives
+ - Test edge cases
+ - Optimize condition logic
+ - Document detection rationale
+
+# Output Control
+output_control:
+ style: technical
+ format: markdown
+ depth: comprehensive
+ token_limits:
+   min: 2000
+   max: 4000
+   break_at: 3000
+
+# Formatting
+formatting:
+ headings:
+   style: markdown
+   levels_enabled: [1,2,3]
+
+ code_blocks:
+   style: fenced
+   language_tags: true
+   indent_size: 4
+
+ lists:
+   types: ["bullet", "number"]
+   nesting: enabled
+
+# Metadata
+metadata:
+ keywords:
+   - yara
+   - rule
+   - detection
+   - signature
+ fields:
+   - md5_hash
+   - ascii_strings
+   - file_type
+```
 ## Intended Use
 
 This model is designed to assist security professionals in: