Importing Yara Rules

Yara rules enhance the detection capabilities of EDR solutions. Yara is a free, open-source tool developed by VirusTotal. It is a stand-alone tool that runs on Windows and Linux. Yara rules are often created by threat researchers and shared throughout the cybersecurity community.

Qualys Multi-Vector EDR lets you import Yara rules. You can obtain Yara rules from several sources, such as:

- Security vendors share Yara rules in blogs, reports, and investigations

- Free public Yara repositories, such as those from Florian Roth and the Yara Rules Project

- Threat Intelligence feeds

To import a new Yara rule, simply navigate to Configuration > Yara Rules and click New Rule.

[Screenshot: Yara Rules Navigation]

In the General Settings section, click browse, select the Yara rule you want to import, and click Next.

[Screenshot: General Settings]

Note: You can only upload files in the .yar format.

On the Review and Confirm screen, click to preview the imported Yara rule and then click Submit.

[Screenshot: Submit Yara Rule]
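Rule files collected from public repositories or vendor reports are worth checking before you browse to them in General Settings. The following is an added example, not Qualys code: a text-level pre-upload check that flags a wrong extension, duplicate rule names, `include` directives and truncated files. The `precheck` helper, the sample rule and the file names are hypothetical, and the `include` warning assumes that only the selected file is uploaded.

```python
import re
from pathlib import PurePath

# Constructed sample rule file (not from the page or any vendor feed).
SAMPLE = '''
import "pe"
include "shared.yar"
// rule Commented_Out { condition: true }
rule Demo_Marker : demo {
    strings:
        $url = "http://example.invalid/rule Fake_In_String"
        $mz = { 4D 5A }
    condition:
        $mz at 0 and $url
}
private rule Demo_Marker { condition: false }
'''

LITERAL = r'"(?:\\.|[^"\\\n])*"'
# Literals are matched before comments so "http://..." is not cut at "//".
TOKEN = re.compile(LITERAL + r'|/\*.*?\*/|//[^\n]*', re.S)
RULE = re.compile(r'\brule\s+([A-Za-z_]\w*)')
DIRECTIVE = re.compile(r'^\s*(import|include)\s+"([^"]+)"', re.M)

def precheck(filename, text):
    """Lint one rule file before upload (hypothetical helper, text-level only)."""
    # Drop comments but keep string literals, then blank the literals too.
    code = TOKEN.sub(lambda m: m.group() if m.group()[0] == '"' else ' ', text)
    bare = re.sub(LITERAL, '""', code)
    rules = RULE.findall(bare)
    directives = DIRECTIVE.findall(code)
    problems = []
    if PurePath(filename).suffix != '.yar':
        problems.append('extension is not .yar')
    if not rules:
        problems.append('no rule declarations found')
    for name in sorted({r for r in rules if rules.count(r) > 1}):
        problems.append(f'duplicate rule name: {name}')
    # Assumption: only the selected file is uploaded, so includes would dangle.
    problems += [f'include of external file: {p}' for k, p in directives if k == 'include']
    if bare.count('{') != bare.count('}'):
        problems.append('unbalanced braces (truncated download?)')
    return {'rules': rules, 'problems': problems,
            'imports': [p for k, p in directives if k == 'import']}

if __name__ == '__main__':
    print(precheck('community_rules.yara', SAMPLE))
```

This check does not parse Yara regular-expression strings and does not replace compiling the file with the `yara` tool itself; it only catches problems that are visible in the text.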