Importing Yara Rules
Yara Rules help to enhance the detection capabilities of EDR solutions. Yara is a free, open-source tool developed by Virus Total. It is a stand-alone tool that can work on Windows and Linux environments. Yara Rules are often created by threat researchers and shared throughout the cyber security community.
EDR allows you to import Yara rules. You can receive Yara rules from several sources, such as:
- Security vendors share Yara rules in blogs, reports, and investigations
- Free public Yara repositories like Florian Roth and Yara Rules Project
- Threat Intelligence feeds
Perform the following steps to import a new Yara rule:
- Navigate to Configuration > Yara Rules and click New Rule.
- In the General Settings section, click Browse, select the Yara rule you want to import, and click Next.
You can only upload files in the .yar format.
- On the Review and Confirm screen, click to Preview the imported Yara rule and then click Submit.
