3.11. Yara rule sources

Under Inventory/Technologies menu it is possible to configure custom Yara sources.

images/download/attachments/32847566/Screenshot_from_2018-10-11_13-22-54.png

To add new source, click on Add new source button. You can specify the type of the source, and the URL itself. The product supports 2 type of Yara sources: network source (HTTP/HTTPS) and local directory. A network source must be a zip file. The content of the zip file will be used by the Yara engine. As a local directory, you can set a local path on the computer. This path must point to a directory. A copy of this directory will be used by the Yara engine.

images/download/attachments/32847566/Screenshot_from_2018-10-11_13-23-29.png

To generate a package, click on the Generate package button. This will start the process, and the start time will be shown next to the buttons. Next to the sources, you can enable or disable the sources. Disabled sources will not be used when generating the next package.

Sources can be modified by clicking the row, and removed by clicking the trash icon on the right side of the rows.

Please note that the included Yara modules are the following:

For more details, check Yara modules documentation.