Yara rules enhance the detection capabilities of EDR solutions. Yara is a free, open-source tool developed by VirusTotal. It is a stand-alone tool that runs on Windows and Linux. Yara rules are often created by threat researchers and shared throughout the cybersecurity community.
Qualys Multi-Vector EDR lets you import Yara rules. You can obtain Yara rules from several sources, such as:
- Security vendors, which share Yara rules in blogs, reports, and investigations
- Free public Yara repositories, such as those of Florian Roth and the Yara Rules Project
- Threat Intelligence feeds
To import a new Yara rule, simply navigate to Configuration > Yara Rules and click New Rule.
In the General Settings section, click browse, select the Yara rule you want to import, and click Next.
Note: You can only upload files in the .yar format.
On the Review and Confirm screen, click to preview the imported Yara rule and then click Submit.
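
A local pre-upload check for the import steps above, as an added example that is not Qualys code: it confirms the .yar extension the console requires and reports duplicate rule names and rules with no condition section in a file obtained from a third party. The function name `check_yara_upload` and the sample rules are constructed for illustration, and the check is structural only; it does not replace compiling the rules with Yara.

```python
import re
from pathlib import Path

# Comments and quoted strings are blanked first so that text inside them
# cannot be mistaken for a rule header or a condition section.
_NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.S)
_RULE = re.compile(r'^[ \t]*(?:(?:private|global)[ \t]+)*rule[ \t]+([A-Za-z_]\w*)', re.M)
_CONDITION = re.compile(r'\bcondition\s*:')

def check_yara_upload(filename, text):
    """Return a list of problems; an empty list means the file passed."""
    problems = []
    if Path(filename).suffix != ".yar":
        problems.append("extension is not .yar")
    cleaned = _NOISE.sub(" ", text)
    headers = list(_RULE.finditer(cleaned))
    if not headers:
        problems.append("no rule declarations found")
    seen = set()
    for i, match in enumerate(headers):
        name = match.group(1)
        if name in seen:
            problems.append(f"duplicate rule name: {name}")
        seen.add(name)
        # A rule's body runs up to the next rule header (or end of file).
        end = headers[i + 1].start() if i + 1 < len(headers) else len(cleaned)
        if not _CONDITION.search(cleaned, match.end(), end):
            problems.append(f"rule {name} has no condition section")
    return problems

# Constructed sample: second rule reuses a name and lacks a condition.
SAMPLE = '''
rule Constructed_Marker_A {
    meta:
        note = "condition: not a real section"  // string is ignored
    strings:
        $a = "constructed-sample-marker"
    condition:
        $a
}
/* rule Commented_Out { condition: true } */
rule Constructed_Marker_A {
    strings:
        $b = "another-constructed-marker"
}
'''

if __name__ == "__main__":
    for problem in check_yara_upload("vendor_rules.txt", SAMPLE):
        print(problem)
```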