Viewing YARA rule details

To view YARA rule details:

1. In the window of the application web interface, select the Custom rules section, YARA subsection.

   This opens the YARA rule table.

2. Select the rule for which you want to view information.

This opens a window containing information about the rule.

The window contains the following information:

• Click the Alerts link to display the alert table in a new browser tab. The alerts are filtered by the Targeted Attack Analyzer technology and the name of the TAA (IOA) rule that you are working on.
• The Start YARA scan link opens the task creation window.
• The Download link lets you download a file with YARA rules.
• Rule name is the name of the rule specified in the file.
• Traffic scan is the usage status of the rule when stream scanning files and objects arriving at the Central Node:
• Type is the type of the rule depending on the role of the server which generated it:
  • Global—Created on the PCN server. These rules are used to scan files and objects received at the PCN server and all SCN servers connected to that PCN server. Scanned files and objects belong to the tenant which the user is managing in the application web interface.
  • Local—Created on the SCN server. These rules are used to scan files and objects received at the SCN server. Scanned files and objects belong to the tenant which the user is managing in the application web interface.
• Importance—Importance level that is assigned to an alert generated using this rule.

  By default, alerts generated by uploaded YARA rules are assigned a high level of importance.

• Description is any additional information about the rule that you specified.
• Apply to – name of servers with the Central Node component on which the rule is applied.