Deep Discovery Email
Inspector
uses YARA rules to identify malware. YARA rules are malware detection patterns
that are fully customizable to identify targeted attacks and security threats
specific to your environment.
Deep Discovery Email
Inspector supports a maximum of 5,000 enabled
YARA rules regardless of the number of YARA rule files. On the top-right corner of
the YARA rule
table, the Rules in use field indicates the number of YARA rules currently
enabled in the system.
 |
ImportantAfter you register Deep Discovery Email
Inspector to Deep Discovery Director, Deep Discovery Email
Inspector automatically synchronizes YARA rule settings from Deep Discovery Director
and overwrites existing YARA rule settings that you have configured.
|
The following table shows information about YARA rule files.
YARA Rules
|
Field
|
Description
|
|
File name
|
Name of the YARA rule file.
|
|
Risk level
|
Risk level of the YARA rules.
|
|
Rules
|
Number of YARA rules contained in the YARA rule file.
|
|
Files to analyze
|
File types to analyze using the YARA rules in the YARA rule file.
|
|
Last Updated
|
Date and time the YARA rule file was last updated.
|
|
Status
|
Toggle to enable or disable the YARA rule file.
|