YARA rulesets

To see Targeted Reports or Certificate reports, configure the corresponding Yara rules.
Follow the instructions below to create a new Yara Ruleset.

1.Navigate to YARA Ruleset screen.

2.Click Create YARA Ruleset.

3.Fill in the Name of the ruleset.

4.In the Ruleset field, define the rules. ( You can find more information about the YARA rule definition at the bottom of the Create YARA Ruleset screen.)

5.Optionally, fill in the Note. The content of the Note will be displayed in each report generated by this specific ruleset.

6.Select if you want the YARA Ruleset to be Private or not. Private YARA Rulesets will be accessible only to you and customer's administrators.

7.Click Submit to create new YARA Ruleset.

 

Each time new information flows into the system, the rule set will be applied to it. If information matches a rule, the last matched date/time will be updated in the Yara matches section.

You can deactivate or delete unnecessary rule sets.

 

The Rulesets are sorted by:

•Name—Name of the ruleset

•# Matches—Number of matches the ruleset triggered.

•Last match—Date and time when was the ruleset last triggered

•Status—Status of the ruleset

•Enabled—Is the ruleset enabled or disabled

•Owner—Who is the owner off this specific ruleset

•Created—Date and time when was the ruleset created

•Updated—Date and time when was the ruleset last updated

 

But you can also Add filter to filter the displayed reports with a custom filter parameters:

 

Using the YARA Ruleset screen:

Click on the options icon next to the report to display the following:

•Show detail—Display details about the selected report.

•Clone—Clone selected ruleset.

•Enable—Enable or Disable selected ruleset.

•Show Yara matches—Open YARA matcher screen filtered only for selected ruleset.

˄˅