Deep Discovery products use YARA rules to identify malware. YARA rules are malware detection patterns
that are fully customizable to identify targeted attacks and security threats specific
to your environment.
Deep Discovery Director (Consolidated Mode) supports a maximum of 5,000 YARA rules regardless of the number of YARA rule files.
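Because the 5,000-rule limit applies across all files, it helps to count rule declarations before adding rule files. The following is an added example, not Trend Micro code: the names `rule_names`, `check_rule_budget` and the sample files are hypothetical, and it assumes every declaration (including `private` and `global` rules) counts toward the limit.

```python
import re

LIMIT = 5000  # maximum number of rules stated in the documentation

# Spans that can contain "rule ... {" text without declaring a rule.
_NOISE = re.compile(r'''
      "(?:\\.|[^"\\\n])*"                     # text string or meta value
    | (?:=|\bmatches)\s*/(?:\\.|[^/\\\n])+/   # regular expression literal
    | //[^\n]*                                # line comment
    | /\*.*?\*/                               # block comment
''', re.S | re.X)

# "rule Name {" or "rule Name : tag1 tag2 {"; private/global prefixes also match.
_RULE = re.compile(r'\brule\s+([A-Za-z_]\w*)\s*(?::\s*[\w\s]+?)?\s*\{')

def rule_names(source: str) -> list[str]:
    """Return declared rule names, ignoring comments, strings and regexes."""
    return _RULE.findall(_NOISE.sub(" ", source))

def check_rule_budget(files: dict[str, str], limit: int = LIMIT):
    """Return (per-file counts, total, within_limit) for {file name: text}."""
    counts = {name: len(rule_names(text)) for name, text in files.items()}
    total = sum(counts.values())
    return counts, total, total <= limit

SAMPLE_FILES = {  # constructed rule files, for illustration only
    "office.yar": r'''
// rule commented_out { condition: true }
rule Doc_Marker : office macro {
    strings:
        $a = "rule decoy {"
        $h = { D0 CF 11 E0 }
        $r = /rule\s+x \{/
    condition:
        $h at 0 and ($a or $r)
}
/* rule also_commented { condition: false } */
private rule Helper { condition: filesize < 1MB }
''',
    "pe.yar": '''
global rule Size_Gate { condition: filesize < 5MB }
rule PE_Header { strings: $mz = "MZ" condition: $mz at 0 }
''',
}

if __name__ == "__main__":
    counts, total, ok = check_rule_budget(SAMPLE_FILES)
    for name, n in counts.items():
        print(f"{name}: {n} rules")
    print(f"total {total}/{LIMIT}:", "within limit" if ok else "over limit")
```

The counter is a lexical approximation; compile the files with YARA itself to confirm they are valid.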
The following table shows information about YARA rule files.
YARA Rules

| Column | Description |
|---|---|
| File Name | Name of the YARA rule file. |
| Rules | Number of YARA rules contained in the YARA rule file. |
| Files To Analyze | File types to analyze using the YARA rules in the YARA rule file. |
| Risk Level | Risk level of the YARA rules. |
| Description | Description of the YARA rule file. |
| Last Updated | Date and time the YARA rule file was last updated. |
| Updated By | The account that last updated the YARA rule file. |
| Network Detections | Click a number to drill down to the Network Detections screen with filters applied. The number only includes detections from Deep Discovery Inspector appliances. |
| Email Messages | Click a number to drill down to the Email Messages screen with filters applied. The number only includes email messages from Deep Discovery Email Inspector appliances. |
