˄˅

Yara rules

Function availability based on the service level of subscription

Access to this functionality is dependent on the service level of your subscription. Not all functionality described in this topic is available to all users.

To see Targeted Reports, configure the corresponding Yara rules.
Typically, we configure Yara rules and generate targeted reports based on subscriber requirements and the service levels. See our step-by-step instructions below to create a new Yara Ruleset.

1.Click New in the Yara Rulesets screen.

eti_yara_add_ruleset_01

2.Name the rule, define the rule in the Rules field and then click Check Yara Code to make sure the code is valid according to official Yara rules documentation.
The content of the NOTE field will show up in each Targeted report generated for a particular rule.

3.If the code is valid, click Insert Yara Code.

Each time new information flows into the system, the rule set will be applied to it. If information matches a rule, the last matched date/time will be updated in the Yara matches section.

You can deactivate or delete unnecessary rule sets.

Pre-configured Yara rules

Yara rules configured by the ESET Threat Intelligence team based on the submitted "registration form / subscriber requirements" are not visible to users by default. Customers can request the "Yara rules visibility" feature through the support form. The rules then will be displayed in read-only mode. To edit pre-configured Yara rules, submit your request through the support form.

˄˅