How to Manage YARA Rules

Click YARA rules at the top of the Dr.Web vxCube main page to see all YARA rules available for your account. The YARA rule list that opens includes the following information for each rule:

The rule type (rule_user for user rules and rule_system for system rules).

Name: The rule name.

Maliciousness: The maliciousness level specified in the rule.

Tags: Tags specified in the rule.

Matches: The total number of matches for the rule.

Last matched: The date when the rule was last triggered. If the rule was triggered today, the time is shown instead of the date.

State: The current state of the rule (enabled/disabled).

 


Figure 9. The list of YARA rules

In the list of YARA rules, you can:

Search for rules by their names and tags

Filter rules by type (system/user)

Sort rules

View information about rule matches (the name of the file that the rule was triggered on, the date it was triggered, and the OS)