Views:
Important
Important
  • After you register Deep Discovery Inspector to Deep Discovery Director, Deep Discovery Inspector automatically synchronizes YARA rule settings from Deep Discovery Director and overwrites existing YARA rule settings that you have configured.
  • All settings under YARA Rules apply only to objects submitted to the internal Virtual Analyzer.
YARA rules are malware detection patterns that are fully customizable to identify targeted attacks and security threats specific to your environment. Deep Discovery Inspector uses YARA rules to identify malware.
Deep Discovery Inspector supports a maximum of 5,000 enabled YARA rules regardless of the number of YARA rule files. On the top-right corner of the YARA rule table, the Rules in use field indicates the number of YARA rules currently enabled in the system.
When integrated with Deep Discovery Director, Deep Discovery Director centrally manages all YARA rules and you must manage the YARA rules in the Deep Discovery Director management console. For details, see the Deep Discovery Director Administrator's Guide.
The following table shows information about YARA rule files.
Field
Description
File Name
Name of the YARA rule file.
Rules
Number of YARA rules contained in the YARA rule file.
Files To Analyze
File types to analyze using the YARA rules in the YARA rule file.
Last Updated
Date and time the YARA rule file was last updated.
Related information