Yara Rules Search Tokens
Click to view navigation pane


Yara Rule Tokens in EDR

You can use search tokens to search information about Yara Rules on the Configuration tab.

yara.detectionsyara.detections

Use an integer value to find Yara rules with specific number of detections.

Example

Show Yara rules with detection

yara.detections: 2

yara.fileNameyara.fileName

Use a text value to find a Yara rule with a specific file name.

Example

Show Yara rule with file name

yara.fileName: crypto.yar

yara.rule.importedByyara.rule.importedBy

Use a text value to find a Yara rule imported by a specific user.

Example

Show Yara rules imported by

yara.rule.importedBy: administrator@abc

yara.rule.updatedByyara.rule.updatedBy

Use a text value to find a Yara rule updated by a specific user.

Example

Show Yara rules updated by

yara.rule.updatedBy: administrator@xyz

yara.ruleNameyara.ruleName

 

Use a text value to find a Yara rule with a name.

Example

Show a Yara rule

yara.ruleName: SHA3_constants