Multiple YARA rules search?


Xavier Mertens

Mar 1, 2024, 5:36:16 AM
to velociraptor-discuss
Hello Velociraptor community!

Maybe a dumb question but… when I check all the YARA implementations in Artifacts, we must provide the YARA rule to use but…
Is there a way to deploy a set of YARA rules and use them in bulk?

Tx!

Matt Green

Mar 1, 2024, 5:58:17 AM
to Xavier Mertens, velociraptor-discuss
Hey Xavier,

I usually just cat my curated rules together (remember the line break) but I guess you just want to point to multiple online sources?
I think the best way to do this would be another artifact that would take your multiple sources and concat them together then just call the desired artifact.

Matt

Matthew Green
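
One way to do the concatenation described above: it keeps a line break between rule sets and flags rule names defined more than once, since a duplicated rule identifier stops YARA from compiling the combined set. This is an added example, not code from the thread or from Velociraptor; the source labels and sample rules are constructed, and the rule-name regex is a heuristic.

```python
import re

# Heuristic: a rule declaration at the start of a line, with optional modifiers.
# It does not parse YARA, so text inside block comments could also match.
RULE_DECL = re.compile(
    r"^[ \t]*(?:(?:private|global)[ \t]+)*rule[ \t]+([A-Za-z_]\w*)", re.MULTILINE
)

def merge_rule_sets(sources):
    """sources: list of (label, rule_text). Returns (merged_text, collisions)."""
    seen = {}        # rule name -> label of the source that defined it first
    collisions = []  # (rule name, first source, later source)
    parts = []
    for label, text in sources:
        # Normalise BOM and CRLF, and drop trailing whitespace, so every set
        # can be re-terminated with exactly one newline below.
        text = text.lstrip("\ufeff").replace("\r\n", "\n").rstrip()
        if not text:
            continue
        for name in RULE_DECL.findall(text):
            if name in seen:
                collisions.append((name, seen[name], label))
            else:
                seen[name] = label
        # The explicit "\n" is the line break: without it, a set ending in a
        # "// comment" swallows the first line of the next set.
        parts.append(f"// ---- source: {label} ----\n{text}\n")
    return "\n".join(parts), collisions

# Constructed sample sets. SET_A ends in a comment with no trailing newline.
SET_A = 'rule Demo_A {\n  strings:\n    $a = "constructed-marker-a"\n' \
        '  condition:\n    $a\n}\n// end of set A'
SET_B = 'rule Demo_B {\n  strings:\n    $b = "constructed-marker-b"\n' \
        '  condition:\n    $b\n}\n'
SET_C = 'private rule Demo_A {\n  condition:\n    false\n}\n'  # name collision
SOURCES = [("set_a.yar", SET_A), ("set_b.yar", SET_B), ("set_c.yar", SET_C)]

if __name__ == "__main__":
    merged, collisions = merge_rule_sets(SOURCES)
    for name, first, later in collisions:
        print(f"duplicate rule {name}: {first} and {later}")
    print(merged)
```

Resolve any reported collisions (rename or drop one copy) before pasting the merged text into an artifact's YARA rule parameter.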

Xavier Mertens

Mar 1, 2024, 6:40:43 AM
to Matt Green, velociraptor-discuss
Hi Matt,
That’s what I’m testing now… I pasted a big bunch of YARA rules in the Artefacts parameters… We’ll see, I’m curious about the performance :)