logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: Yara Components Explained, Installed, Configured with Troubleshooting Tips

EDR: Yara Components Explained, Installed, Configured with Troubleshooting Tips

Environment

  • EDR Server: 7.7.x
  • Yara Connector: 2.2.0
  • Yara Manager: 2.2.0

Objective

To understand, install, configure and troubleshoot Yara in both EDR standalone and cluster environments.

Resolution

Yara, a rules engine from VirusTotal, alerts on binaries executing in the environment.  The yml style rules are created with text or binary patterns.  The Yara Connector processes, analyzes and stores (Solr, Yara DB) the analysis for EDR Console to obtain.  The (Yara Manager, optional) provides access to the Yara-connector via the EDR Console.

  1.  Understanding Yara Components

  2.  Install and Configure Yara Connector

  3.  Install and Configure Yara Manager (optional)

  4.  Adding Yara Rules and Validating

  5.  Troubleshooting Yara


Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎05-25-2023
Views:
186
Contributors
logo