Kaspersky Anti Targeted Attack Platform

Filtering and searching YARA rules

To filter or search for YARA rules by required criteria:

  1. In the window of the application web interface, select the Custom rules section, YARA subsection.

    This opens the YARA rule table.

  2. Depending on the filtering criterion, do the following:
    • By creation time
      1. Click the Created link to open the filter settings window.
      2. Select one of the following options:
        • Any time if you want the table to display rules created at any time.
        • Last hour if you want the table to display rules created during the last hour.
        • Last day if you want the table to display rules created during the last day.
        • Custom range if you want the table to display rules created during a period that you specify.
      3. If you selected Custom range, select the start and end dates for the period and click Apply.
    • By rule name
      1. Click the Rule name link to open the filtering menu.
      2. In the drop-down list, select one of the following filtering operators:
        • Contain
        • Not contain
      3. In the text box, type the name of the rule or a sequence of characters from the name of the rule.
      4. Click Apply.
    • By file name
      1. Click the File name link to open the filtering menu.
      2. In the drop-down list, select one of the following filtering operators:
        • Contain
        • Not contain
      3. In the entry field, type the name of the file or a sequence of characters from the name of the file.
      4. Click Apply.
    • By the name of the user who uploaded the rules file
      1. Click the Created by link to open the filtering menu.
      2. In the drop-down list, select one of the following filtering operators:
        • Contain
        • Not contain
      3. In the text box, type the user name or a sequence of characters from the user name.
      4. Click Apply.
    • By rule state
      1. Click the Traffic scanning link to expand the filter settings list.
      2. Select one of the following options:
        • All
        • Enabled
        • Disabled

The table displays only rules that match the specified criteria.

You can use multiple filters at the same time.

See also

Viewing the YARA rule table

Configuring YARA rule table display

Importing YARA rules

Viewing YARA rule details

Clearing a YARA rule filter

Enabling and disabling YARA rules

Deleting YARA rules

[Topic 225009]