EDR: Yara Components Explained, Installed, Configured with Troubleshooting Tips

Environment

  • EDR Server: 7.7.x
  • Yara Connector: 2.2.0
  • Yara Manager: 2.2.0

Objective

To understand, install, configure and troubleshoot Yara in both EDR standalone and cluster environments.

Resolution

Yara, a rules engine from VirusTotal, alerts on binaries executing in the environment. The yml-style rules are created with text or binary patterns. The Yara Connector handles processing and analysis and stores the results (Solr, Yara DB) for the EDR Console to obtain. The optional Yara Manager provides access to the Yara Connector via the EDR Console.
  1.  Understanding Yara Components

  2.  Install and Configure Yara Connector

  3.  Install and Configure Yara Manager (optional)

  4.  Adding Yara Rules and Validating

  5.  Troubleshooting Yara


Creation Date: 05-25-2023