To install and configure the Yara Manager to manage the Yara Connector in the EDR Console.
The Yara Connector can operate on the EDR server independently.
The Yara Manager (optional) provides an easy user interface in the EDR Console to operate the Yara Connector.
B. Install Yara Manager (derived from the EDR User Guide)
1. Create the Carbon Black open source repo
cd /etc/yum.repos.d
curl -O https://opensource.carbonblack.com/release/x86_64/CbOpenSource.repo
2. Install the cb-yara-manager
yum install python-cb-yara-manager
C. Configure Yara Manager - Optional (derived from User Guide)
1. Create the configuration file.
cd /etc/cb/integrations/cb-yara-manager
cp config.py.example config.py
2. Create the authentication file.
vi /etc/cb/integrations/cb-yara-manager/auth.conf
[auth]
api_token=< create a unique adequately_long_and_complex_password >
(where
adequately_long_and_complex_password_or_token is any passphrase.)
3. Add to /etc/cb/cb.conf
YaraManagerEnabled=true
YaraManagerToken=< insert the unique adequately_long_and_complex_password >
4. To invoke the new cb.conf changes run
/usr/share/cb/cbservice cb-coreservices restart
5. Start the service.
systemctl start cb-yara-manager
6. Confirm that it is running.
ps -ef | grep -i manager (there should be 2 instances running)
7. View Yara Manager in the browser after authenticating to the EDR server.
https://<EDR server IP>/connector/yara
