Importing YARA rules

To import YARA rules:

1. In the window of the program web interface, select the Custom rules section, YARA subsection.
2. Click Upload.

   This opens the file selection window.

3. Select the YARA rules file that you want to upload and click the Open button.

   This closes the file selection window and opens the Import YARA rules window.

   The maximum allowed size of an uploaded file is 20 MB.

   A report is displayed in the lower part of the window. The report contains the following information:

   • The number of rules that can be successfully imported.
   • The number of rules that will not be imported (if any).

     For each rule that cannot be imported, its name is listed.

4. Select the Traffic scan check box if you want to use imported rules for streaming scans of objects and data received at the Central Node.
5. If necessary, enter any additional information in the Description field.

   The Importance field cannot be edited. By default, alerts generated by uploaded YARA rules are assigned a high level of importance.

6. Under Apply to, select check boxes corresponding to servers on which you want to apply the rules.

   This field is displayed only when you are using the distributed solution and multitenancy mode.

   

   Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

   

   Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

7. Click Save.

Imported rules are displayed in the table of YARA rules.