YARA Matches

Each time a YARA ruleset matches a file, the Last matched date/time is updated.

The Matches are sorted by:

•SHA1—The SHA1 hash of the match

•Rule Name—The name of the ruleset that generated the match

•Read/Unread—The Read/Unread status of the match

•Status—The status of the match

•Type—The type of the match

•Match Hashes—The hashes corresponding to the match

•Last Matched—The date and time of the latest match

Click Add filter to filter the displayed reports with custom filter parameters.

Using the YARA Matches screen

Click the three dots icon next to the report to display the following:

•Show detail—Show the matched file content

•Generate report—Generate a YARA report of the matched and analyzed file for a more detailed report

•Mark YARA match—Select the option:

oMark as read—Mark the selected YARA match as read if it is unread

oMark as unread—Mark the selected YARA match as unread if it is read

To mark matches as read/unread in bulk, select several matches, click the Actions button and select the needed option.