Deep Discovery Inspector uses YARA rules to identify malware. YARA rules are malware detection patterns that are fully customizable to identify targeted attacks and security threats specific to your environment.
YARA rules are applied only to objects submitted to the internal Virtual Analyzer. No settings under YARA Rules apply to an external Virtual Analyzer or to Sandbox as a Service. For details about external analysis modules, refer to the applicable product Administrator's Guide.
Deep Discovery Inspector supports a maximum of 5,000 enabled YARA rules regardless of the number of YARA rule files. In the top-right corner of the YARA rule table, the Rules in use field indicates the number of YARA rules currently enabled in the system.
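
A pre-import check for the 5,000-rule limit described above, as an added example that is not part of the product or its documentation: it counts rule declarations in YARA source text and totals them across files. The file names and sample rules are constructed, every counted rule is assumed to be enabled, and `include` directives are not followed.

```python
import re

MAX_ENABLED_RULES = 5000  # limit stated in the documentation above

# Comments, text strings and regex literals may contain the word "rule",
# so they are blanked out before declarations are counted.
_SKIP = re.compile(r'''
      //[^\n]*               # line comment
    | /\*.*?\*/              # block comment
    | "(?:\\.|[^"\\\n])*"    # text string
    | /(?:\\.|[^/\\\n])+/    # regular expression literal
''', re.S | re.X)
_RULE = re.compile(r'\brule\s+[A-Za-z_]\w*')


def count_rules(source):
    """Count rule declarations (private and global included) in YARA source."""
    return len(_RULE.findall(_SKIP.sub(' ', source)))


def check_budget(files, limit=MAX_ENABLED_RULES):
    """Return (per-file counts, total, fits), assuming every rule is enabled."""
    counts = {name: count_rules(text) for name, text in files.items()}
    total = sum(counts.values())
    return counts, total, total <= limit


# Constructed sample rule file: only two real declarations.
SAMPLE = r'''
// rule commented_out { condition: true }
rule demo_marker : example {
    meta: note = "rule inside_a_string { }"
    strings:
        $a = "EXAMPLE-MARKER"
        $b = /rule in_regex \{/
    condition: any of them
}
/* rule in_block_comment { condition: false } */
private rule demo_helper { condition: filesize < 1MB }
'''

if __name__ == "__main__":
    # Constructed bulk file that pushes the total past the limit.
    bulk = "\n".join(f"rule bulk_{i} {{ condition: true }}" for i in range(4999))
    counts, total, fits = check_budget({"sample.yar": SAMPLE, "bulk.yar": bulk})
    print(counts, total, "within limit" if fits else "exceeds limit")
```
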
When integrated with Deep Discovery Director, Deep Discovery Director centrally manages all YARA rules and you must manage the YARA rules in the Deep Discovery Director management console. For details, see the Deep Discovery Director Administrator's Guide.
Important: After you register Deep Discovery Inspector to Deep Discovery Director, Deep Discovery Inspector automatically synchronizes YARA rule settings from Deep Discovery Director and overwrites existing YARA rule settings that you have configured.
The following table shows information about YARA rule files.

YARA Rules

| Field | Description |
| --- | --- |
| File Name | Name of the YARA rule file. |
| Rules | Number of YARA rules contained in the YARA rule file. |
| Files To Analyze | File types to analyze using the YARA rules in the YARA rule file. |
| Last Updated | Date and time the YARA rule file was last updated. |
