What is Yara?
Single API.
Yara is a tool that helps malware researchers identify and classify malware samples. With Yara, you can create descriptions of malware families based on textual or binary patterns.
Integration actions
Allows Yara scanning on file content.
Whom is it built for?
Internal IR Teams and Consultants.
Why is it useful?
The Cyber Triage/Yara integration allows users to use the latest rules that antivirus software may not know to use. The integration gives consultants broader coverage when hunting in an enterprise and allows companies to scan for the latest threats. Consultants can also utilize the integration to customize what Cyber Triage is looking for and make it fit a specific use case.
Where is it used?
Users can supply Yara rules in Cyber Triage to analyze collected files. Yara allows malware researchers to define binary patterns that can be easily shared. When you configure Cyber Triage with Yara rules, they will be applied to all collected files, such as startup items and scheduled tasks.
What is the required Cyber Triage version?
Standard and Team.
Additional links
- virustotal.github.io/yara/
- Search for Advanced Malware in Cyber Triage Using Yara Rules
- github.com/Yara-Rules/rules
*For more information about this integration contact our sales team: sales@cybertriage.com.