ESET Threat Intelligence – Table of Contents

YARA Rulesets

Configure the YARA rules to see the corresponding YARA reports.

Follow the instructions below to create a new YARA Ruleset.

1. Navigate to the YARA Ruleset screen.

2. Click Create YARA Ruleset.

3. Fill in the Name of the ruleset.

4. In the Ruleset field, define the rules. (You can find more information about the YARA rule definition at the bottom of the Create YARA Ruleset screen.)

5. Optionally, fill in the Note. The Note content is displayed in each report generated by this specific ruleset.

6. Select the Make YARA ruleset private check box if you want the YARA Ruleset to be private. Private YARA Rulesets are accessible only to you and the customer's administrators.

7. Click Submit to create a new YARA Ruleset.

Each time new information flows into the system, the ruleset is applied to it. If the information matches a rule, the last matched date/time is updated in the YARA Matches section.

You can deactivate or delete unnecessary rulesets.

The rulesets are sorted by:

Name—The name of the ruleset

# Matches—The number of matches the ruleset triggered

Last Match—The date and time the ruleset was last triggered

Status—The status of the ruleset

Enabled—The Enabled/Disabled status of the ruleset

Created By—The user who created the ruleset

Created—The date and time when the ruleset was created

Updated—The date and time when the ruleset was last updated

Click Add filter to filter the displayed reports with custom filter parameters.

Using the YARA Ruleset screen

Click the three dots icon next to the report to display the following:

Show detail—Display details about the selected report

Clone—Clone the selected ruleset

Enable—Enable or disable the selected ruleset

Show YARA matches—Open the YARA Matches screen filtered only for the selected ruleset


Note

Fair Use Policy limitations may apply.