Deep Discovery products use YARA rules to identify malware. YARA rules are malware detection patterns that are fully customizable to identify targeted attacks and security threats specific to your environment.
Deep Discovery Director (Internal Network Analytics Version) supports a maximum of 5,000 YARA rules regardless of the number of YARA rule files.
The following table shows information about YARA rule files.
|
Column |
Description |
|---|---|
|
File Name |
Name of the YARA rule file. |
|
Rules |
Number of YARA rules contained in the YARA rule file. |
|
Files To Analyze |
File types to analyze using the YARA rules in the YARA rule file. |
|
Risk Level |
Risk level of the YARA rules. Note:
Only Deep Discovery Email Inspector utilizes these risk levels. |
|
Description |
Description of the YARA rule file. |
|
Last Updated |
Date and time the YARA rule file was last updated. |
|
Updated By |
The account that last updated the YARA rule file. |
|
Network Detections |
Click a number to drill-down to the Network Detections screen with filters applied. The number only includes detections from Deep Discovery Inspector appliances. |
|
Email Messages |
Click a number to drill-down to the Email Messages screen with filters applied. The number only includes email messages from Deep Discovery Email Inspector appliances. |
This feature or screen is not available when Deep Discovery Director (Internal Network Analytics Version) is operating in Standalone Network Analytics mode.