YARA Rulesets

To see Targeted reports or Certificate reports, configure the corresponding Yara rules.
Follow the instructions below to create a new Yara Ruleset.

1.Navigate to the YARA Ruleset screen.

2.Click Create YARA Ruleset.

3.Fill in the Name of the ruleset.

4.In the Ruleset field, define the rules. (You can find more information about the YARA rule definition at the bottom of the Create YARA Ruleset screen.)

5.Optionally, fill in the Note. The content of the Note will be displayed in each report generated by this specific ruleset.

6.Select if you want the YARA Ruleset to be Private or not. Private YARA Rulesets will be accessible only to you and the customer's administrators.

7.Click Submit to create a new YARA Ruleset.

 

Each time new information flows into the system, the ruleset will be applied to it. If the information matches a rule, the last matched date/time will be updated in the Yara Matches section.

You can deactivate or delete unnecessary rulesets.

 

The rulesets are sorted by:

•Name—Name of the ruleset

•# Matches—Number of matches the ruleset triggered

•Last match—Date and time when the ruleset was last triggered

•Status—Status of the ruleset

•Enabled—Is the ruleset enabled or disabled

•Owner—Who is the owner of this specific ruleset

•Created—Date and time when the ruleset was created

•Updated—Date and time when the ruleset was last updated

Click Add filter to filter the displayed reports with custom filter parameters.

Using the YARA Ruleset screen

Click the options icon next to the report to display the following:

•Show detail—Display details about the selected report.

•Clone—Clone selected ruleset.

•Enable—Enable or Disable selected ruleset.

•Show Yara matches—Open the YARA Matcher screen filtered only for the selected ruleset.

˄˅