Adding a YARA Rule File

When integrated with Deep Discovery Director 5.0 or later, Deep Discovery Director centrally manages all YARA rules and you must manage the YARA rules in the Deep Discovery Director management console. For details, see the Deep Discovery Director Administrator's Guide.

Procedure

Go to Administration → Virtual Analyzer → Internal Virtual Analyzer → YARA Rules.
Click Add to add a YARA rule file.

The Add YARA Rule File window appears.

In the new window that opens, configure the following:

Rule file: Browse and select a YARA rule file to add.

Files to analyze: Select file types that Virtual Analyzer processes specific to this YARA rule file.

Note

Analyzing all file types may cause unintended detections. Trend Micro recommends analyzing specific file types that are targeted by the YARA rule file.

Click Add when you have selected the YARA rule file to add and the file types to analyze.

Virtual Analyzer validates the YARA rule file before adding it.

$('#title').html($('meta[name=description]').attr('content'));