Adding a YARA Rule File

YARA rules on managed appliances will be overwritten after syncing with Deep Discovery Director (Consolidated Mode). To ensure that no YARA rules are lost, export them from the managed appliances and add them to Deep Discovery Director (Consolidated Mode).

  1. Go to Threat Intelligence > Custom Intelligence > YARA Rules.

    The YARA Rules screen appears.

  2. Click Add.

    The Add YARA Rule File dialog appears.

  3. Click Select to locate a YARA rule file to add.
  4. To specify the file types that Virtual Analyzer processes with this YARA rule file, select a file type, or type to search for one, and press ENTER. Select All file types to let Virtual Analyzer process all file types with this YARA rule file.
    Note:
    • Trend Micro recommends only specifying the file types targeted by the YARA rules. The All file types option includes additional file types that are not supported by Virtual Analyzer. Only Deep Discovery Email Inspector utilizes those additional file types.

    • File types that are not supported by Virtual Analyzer can be added as custom file types. Only Deep Discovery Email Inspector utilizes custom file types.

  5. Select the risk level for the YARA rules in the file.
    Note:

    Only Deep Discovery Email Inspector utilizes these risk levels.

  6. (Optional) Type a description for this YARA rule file.
  7. Click Add.

    The YARA rule file appears in the YARA Rules list. Registered appliances receive the updated YARA Rules list during the next synchronization.
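
A pre-upload check for the export step described at the top of this procedure, added here as an example and not taken from Trend Micro documentation or tooling: it lists rule names declared in more than one exported file, and files that are byte-identical, so you can decide which copies to add. The file names and rule contents are constructed samples, and the name extraction is a regex heuristic, not a full YARA parser.

```python
import hashlib
import re
from collections import defaultdict

# Quoted strings and comments; blanked out so commented-out rules are ignored.
NOISE = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*', re.DOTALL)
# A rule declaration, with optional "private"/"global" modifiers.
RULE_DECL = re.compile(r'^\s*(?:(?:private|global)\s+)*rule\s+([A-Za-z_]\w*)', re.MULTILINE)

def rule_names(text):
    """Return the rule identifiers declared in one YARA source text."""
    return RULE_DECL.findall(NOISE.sub(' ', text))

def inventory(files):
    """files maps file name -> YARA source. Returns (duplicate rules, identical files)."""
    by_name, by_hash = defaultdict(list), defaultdict(list)
    for fname, text in sorted(files.items()):
        by_hash[hashlib.sha256(text.encode()).hexdigest()].append(fname)
        for name in rule_names(text):
            by_name[name].append(fname)
    dup = {n: f for n, f in by_name.items() if len(f) > 1}
    same = [f for f in by_hash.values() if len(f) > 1]
    return dup, same

# Constructed sample exports (file names and rules are made up for this example).
EXPORT_A = '''rule Doc_Macro_AutoOpen {
    strings:
        $a = "AutoOpen" nocase
    condition:
        uint32(0) == 0xE011CFD0 and $a
}
rule PE_UPX_Sections {
    condition:
        uint16(0) == 0x5A4D
}
'''
EXPORT_C = '''// rule Old_Disabled { condition: false }
private rule PE_UPX_Sections {
    condition:
        uint16(0) == 0x5A4D
}
'''
SAMPLE = {"appliance1.yar": EXPORT_A, "appliance2.yar": EXPORT_A, "appliance3.yar": EXPORT_C}

if __name__ == "__main__":
    dup, same = inventory(SAMPLE)
    for name, where in sorted(dup.items()):
        print(f"rule {name}: {', '.join(where)}")
    print("byte-identical files:", same)
```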