How to Manage YARA Rules
Click YARA rules at the top of the Dr.Web vxCube main page to see all YARA rules available for your account. The YARA rule list that opens includes the following information for each rule:

•The rule type (
•Name: The rule name.
•Maliciousness: The maliciousness level specified in the rule.
•Tags: Tags specified in the rule.
•Matches: The total number of matches for the particular rule.
•Last matched: The date when the rule was last triggered. If the trigger occurred today, the time is shown instead of the date.
•State: The current state of the rule (enabled/disabled).
Figure 9. The list of YARA rules

In the list of YARA rules, you can:

•Search for rules by their names and tags
•Filter rules by type (system/user)
•Sort rules
•View information about rule matches (the name of the file that the rule was triggered on, the date of triggering, OS)