Yara
Author: Nils Kuhnert, CERT-Bund; Fabien Bloume, StrangeBee
License: AGPL-V3
Version: 3.0
Supported observables types:
  - file
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description
Checks a file against YARA rules loaded from a local folder, from one or more GitHub repositories, or both. Note that execution time grows with the number of rules compiled and matched, so large rule sets can make the analyzer markedly slower; the files_limit setting below caps how many rule files are loaded.
Configuration
| Item | Description | Default value if not configured | Type | Can contain multiple values | Required |
|---|---|---|---|---|---|
| rules | Path to a local folder containing YARA rule files | N/A | string | True | False |
| github_urls | GitHub URLs to fetch rules from. Expected format: https://github.com/owner/repo/tree/main (whole repository) or https://github.com/owner/repo/tree/main/subdir (one directory) | N/A | string | True | False |
| github_token | GitHub Personal Access Token, used when fetching rules from GitHub; needed for private repositories and to avoid the unauthenticated API rate limit | N/A | string | False | False |
| files_limit | Maximum number of YARA rule files downloaded or checked against the file. Adjust with care: a higher limit increases analysis time and resource usage on the Cortex instance, while a limit lower than the size of the rule set silently leaves rules unchecked | 400 | number | False | False |
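The two inputs that decide how many rules actually get compiled are the github_urls format and files_limit. The following added example (written for this page, not the analyzer's own code) parses the documented URL format into owner, repository, ref and subdirectory, derives the GitHub REST contents endpoint for that location, attaches github_token only when one is set, and walks a local rules folder under a files_limit cap while reporting whether the cap truncated the set. Function names, the rule-file suffixes (.yar, .yara) and the constructed rule tree in demo() are this example's assumptions; whether the analyzer itself accepts a tag or commit after /tree/ is not stated on this page.

```python
"""Added example, not the Cortex Yara analyzer's own code: parse the
`github_urls` format and enumerate local rule files under a `files_limit` cap.
Function names, suffixes and the sample rule tree are this example's own."""
import os
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlparse

RULE_EXTENSIONS = (".yar", ".yara")  # assumption: rule files use these suffixes


@dataclass(frozen=True)
class GitHubRuleSource:
    owner: str
    repo: str
    ref: str      # whatever follows /tree/ (a branch on this page; GitHub also accepts tags and commits)
    subdir: str   # "" when the whole repository is the rule source


def parse_github_url(url: str) -> GitHubRuleSource:
    """Accept https://github.com/owner/repo/tree/<ref>[/<subdir>] and nothing else."""
    parsed = urlparse(url.strip())
    if parsed.scheme != "https" or parsed.netloc.lower() != "github.com":
        raise ValueError(f"not an https://github.com URL: {url!r}")
    parts = [p for p in parsed.path.split("/") if p]
    # Expected path layout: owner / repo / "tree" / ref / [subdir ...]
    if len(parts) < 4 or parts[2] != "tree":
        raise ValueError(f"expected .../owner/repo/tree/<ref>[/subdir]: {url!r}")
    owner, repo, _tree, ref, *rest = parts
    if ".." in rest:
        raise ValueError(f"path traversal in subdir: {url!r}")
    return GitHubRuleSource(owner, repo, ref, "/".join(rest))


def contents_api_url(src: GitHubRuleSource) -> str:
    """GitHub REST endpoint (GET /repos/{owner}/{repo}/contents/{path}?ref=) for the rule directory."""
    path = f"/repos/{src.owner}/{src.repo}/contents"
    if src.subdir:
        path += "/" + src.subdir
    return f"https://api.github.com{path}?ref={src.ref}"


def github_headers(token: str = "") -> Dict[str, str]:
    """Send the token only when one is configured; never log the returned dict."""
    headers = {"Accept": "application/vnd.github+json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    return headers


def collect_rule_files(root: str, files_limit: int = 400) -> Tuple[List[str], bool]:
    """Walk `root` for rule files in a stable order, stopping at files_limit.

    Returns (paths, truncated). A True `truncated` means rule files were
    skipped, which an operator must know before trusting a 'no match' result.
    """
    if files_limit < 1:
        raise ValueError("files_limit must be at least 1")
    found: List[str] = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # in-place sort makes os.walk descend in a stable order
        for name in sorted(filenames):
            if not name.lower().endswith(RULE_EXTENSIONS):
                continue
            if len(found) >= files_limit:
                return found, True
            found.append(os.path.join(dirpath, name))
    return found, False


def demo(files_limit: int = 2) -> Tuple[List[str], bool]:
    """Build a constructed rule tree in a temp dir and apply the limit to it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "apt"))
        # Constructed sample tree: three rule files plus one non-rule file.
        for rel in ("apt/a.yar", "apt/b.yara", "c.yar", "README.md"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("rule placeholder { condition: false }\n")
        paths, truncated = collect_rule_files(root, files_limit)
        return [os.path.relpath(p, root) for p in paths], truncated


if __name__ == "__main__":
    src = parse_github_url("https://github.com/owner/repo/tree/main/subdir")
    print(src)
    print(contents_api_url(src))
    print(demo())
```

The walk order is made deterministic on purpose: with a truncating files_limit, a non-deterministic order would mean different rules are checked on different runs, so the same file could match on one Cortex node and not on another. Treat a True `truncated` flag as a configuration problem to fix, not as a clean "no match".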
Templates samples for TheHive
No template samples to display.