Incoming feed - YARA Rules Project#

Note

This article describes how to configure incoming feeds for a particular feed source. To see how to configure incoming feeds in general, see Create and configure incoming feeds.

Specifications

Transport type: YARA Rules Project

Content type: Yara Rule JSON

Description: Retrieves YARA rules from the YARA rules GitHub repository. Each rule is ingested as an indicator entity, which can then be used in your investigations on EclecticIQ Intelligence Center.

Overview#

The YARA Rules Project transport retrieves all YARA rule files from the YARA rules GitHub repository and ingests each rule they contain as an indicator.

The first time a feed using this transport type runs, it downloads a complete archive of the YARA rules GitHub repository and ingests every rule in it.

On each later run, the feed checks for commits made to the repository since the previous run. If there are new commits, it retrieves only the files changed by those commits and ingests the rules in them; unchanged files are not downloaded again.
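The following script models the two behaviours described above (a full ingest of the archive on the first run, then only the files touched by commits newer than the last run) and the splitting of each rule file into one record per rule. It is an added example written for this page, not EclecticIQ's feed code and not the YARA Rules Project's own code. The rule files, the commit history and the indicator record layout are all constructed for the example; the GitHub endpoints mentioned in the comments are an assumption about how such a sync would be fed, and the page does not state how the feed is implemented internally.

```python
"""Model of the incremental YARA-repository sync described on the page.

Added example, not EclecticIQ's or the YARA Rules Project's code. Repository
contents and commit metadata are constructed so the script runs offline; the
GitHub endpoints in comments are this example's assumption, not the page's.
"""
import re
from datetime import datetime

# Constructed snapshot of the repository's current .yar files (not real rules).
REPO_FILES = {
    "malware/APT_Sample.yar": r'''
private rule APT_Sample_Loader : apt loader
{
    meta:
        description = "Constructed sample rule"
        author = "example"
        severity = 3
    strings:
        $s1 = "evil.dll" ascii wide
        $h1 = { 4D 5A 90 00 }
    condition:
        uint16(0) == 0x5A4D and ($s1 or $h1)
}

rule APT_Sample_Dropper
{
    strings:
        $a = /drop\.php\?id=[0-9]+/
    condition:
        $a
}
''',
    "cve_rules/CVE_Sample.yar": r'''
rule CVE_Sample_Exploit : exploit
{
    meta:
        description = "Constructed sample rule"
    condition:
        filesize < 100KB
}
''',
}

# Constructed commit history in the shape of GitHub commit objects (assumed
# source: GET /repos/{owner}/{repo}/commits?since=... and then
# GET /repos/{owner}/{repo}/commits/{sha} for per-file status).
# exploit_kits/EK_Sample.yar was deleted in the last commit, so it is absent
# from REPO_FILES.
COMMITS = [
    {"sha": "a1", "date": "2024-01-01T00:00:00Z",
     "files": {"malware/APT_Sample.yar": "added", "exploit_kits/EK_Sample.yar": "added"}},
    {"sha": "b2", "date": "2024-01-05T12:00:00Z",
     "files": {"malware/APT_Sample.yar": "modified"}},
    {"sha": "c3", "date": "2024-01-09T08:30:00Z",
     "files": {"exploit_kits/EK_Sample.yar": "removed", "cve_rules/CVE_Sample.yar": "added"}},
]

RULE_HEADER = re.compile(
    r"^\s*((?:(?:private|global)\s+)*)rule\s+(\w+)\s*(?::\s*([\w\s]+?))?\s*\{", re.M)
META_BLOCK = re.compile(r"meta:\s*(.*?)(?=\n\s*(?:strings|condition)\s*:)", re.S)
META_PAIR = re.compile(r'(\w+)\s*=\s*("(?:[^"\\]|\\.)*"|-?\d+|true|false)')


def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def _meta_value(raw):
    if raw.startswith('"'):
        return raw[1:-1].replace('\\"', '"')  # minimal escape handling
    if raw in ("true", "false"):
        return raw == "true"
    return int(raw)


def parse_yara_file(path, text):
    """Split one .yar file into per-rule records. Rule bodies are found by
    brace matching; hex strings like { 4D 5A } are balanced, so this holds."""
    rules = []
    for m in RULE_HEADER.finditer(text):
        depth, pos = 1, m.end()
        while depth and pos < len(text):
            depth += {"{": 1, "}": -1}.get(text[pos], 0)
            pos += 1
        body = text[m.end():pos - 1]
        meta = META_BLOCK.search(body)
        rules.append({
            "name": m.group(2),
            "modifiers": m.group(1).split(),
            "tags": (m.group(3) or "").split(),
            "meta": {k: _meta_value(v) for k, v in META_PAIR.findall(meta.group(1))} if meta else {},
            "source_file": path,
            "rule_text": text[m.start():pos].strip(),
        })
    return rules


def to_indicator(rule):
    """Illustrative indicator record; the field names are this example's,
    not EclecticIQ's Yara Rule JSON schema."""
    return {"type": "indicator", "title": rule["name"], "tags": rule["tags"],
            "meta": rule["meta"], "source_file": rule["source_file"], "yara": rule["rule_text"]}


def files_changed_since(commits, last_run):
    """Paths to re-fetch and paths to drop, from commits newer than last_run.
    Commits are replayed oldest-first so a path's final status wins."""
    since = _ts(last_run)
    changed, removed = set(), set()
    for c in sorted(commits, key=lambda c: _ts(c["date"])):
        if _ts(c["date"]) <= since:
            continue
        for path, status in c["files"].items():
            if status == "removed":
                removed.add(path)
                changed.discard(path)
            else:
                changed.add(path)
                removed.discard(path)
    return changed, removed


def run_feed(state, commits, repo_files, now):
    """One feed run: empty state means first run (whole archive); otherwise
    only files touched since state['last_run'] are ingested again."""
    if not state.get("last_run"):
        changed, removed = set(repo_files), set()
    else:
        changed, removed = files_changed_since(commits, state["last_run"])
    indicators = [to_indicator(r) for p in sorted(changed) if p in repo_files
                  for r in parse_yara_file(p, repo_files[p])]
    return indicators, sorted(removed), {"last_run": now}


if __name__ == "__main__":
    first, _, state = run_feed({}, COMMITS, REPO_FILES, "2024-01-10T00:00:00Z")
    print(f"first run: {len(first)} indicators from the full archive, state={state}")
    later, gone, _ = run_feed({"last_run": "2024-01-03T00:00:00Z"}, COMMITS, REPO_FILES,
                              "2024-01-10T00:00:00Z")
    print(f"incremental run: {[i['title'] for i in later]} re-ingested, removed {gone}")
```

The incremental step keeps the last run time as state and replays commits oldest-first, so a file added and later deleted between two runs ends up only in the removed set rather than being fetched and then failing; a real feed would persist that state and would need to decide what to do with indicators whose source file was removed, which the page does not describe.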

Configure the incoming feed#

  1. Create or edit an incoming feed.

  2. Under Transport and content, fill out these fields:

    Note

    Required fields are marked with an asterisk (*).

    Transport type*: Select YARA Rules Project from the drop-down menu.

    Content type*: Select Yara Rule JSON from the drop-down menu.

    API key: (Optional) A GitHub API token. The YARA rules repository is public, so no token is needed to read it; a token authenticates the feed's requests to the GitHub API, which raises the rate limit from 60 unauthenticated requests per hour per source IP address to 5,000 per hour for the token. Provide one if the feed polls often or shares an egress IP address with other GitHub API clients. A token with read-only access is sufficient; treat it as a secret.

  3. Store your changes by selecting Save.