Creating rules

Create a rule or set of rules in a rule namespace. Rules are used to help detect malware.

About this task

For an example of how to create a rule, see the Tutorial Guide tab.

Procedure

  1. On the Rule Manager tab, click Create Namespace.
  2. Enter a name and description for the namespace.
  3. Add one or more rules to the namespace.
    • Write one or more rules directly in the Edit YARA rules box.
    • Upload a .txt or .yar file that contains one or more rules.
      1. Click Upload.
      2. Select the .txt or .yar file with your rules.
      3. If the Overwrite Rules prompt appears, choose either to append the rules that you added to the namespace or to overwrite all rules in the namespace.
    • Import a rule from GitHub by entering a link to a .yar file in the GitHub URL box.
      Tip: To import multiple rules from a GitHub repo, see Importing rules from GitHub.
  4. If prompted, map any include statements in the rules that you are creating or importing to the namespace that contains the rule.

    If the included rule exists in the same namespace that you are creating or importing a rule for, or is in a file that you are importing, select None (File included in this Namespace).

    Tip: You cannot select the same namespace for more than one import statement at a time. You cannot select a namespace that includes an import statement that is mapped to another namespace that you selected for mapping.
  5. Click Save.
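
A pre-upload check for steps 3 and 4, added here as an example and not part of the product or its documentation: it lists the include statements in a .yar file (the ones step 4 may ask you to map) and flags rule names defined more than once, which YARA does not allow within one namespace. The sample file content, the rule names and the `precheck` function are constructed for illustration.

```python
import re

# Constructed sample of a .yar file, as it could be pasted or uploaded in step 3.
SAMPLE_YAR = r'''
include "common_strings.yar"   // file include: expect a mapping prompt
/* include "old_rules.yar"  -- commented out, must be ignored */
import "pe"                     // YARA module import, not a file include

rule Suspicious_Dropper_Example
{
    strings:
        $a = "include \"not_real.yar\""   // text inside a string literal
        $b = { 4D 5A 90 00 }
    condition:
        $b at 0 and $a
}
private rule Helper_Example { condition: filesize < 2MB }
rule Suspicious_Dropper_Example { condition: Helper_Example }  // duplicate name
'''

# Comments and string literals are consumed first so that "include" or "rule"
# inside them is never counted. Limitation: /regex/ strings are not tokenized.
TOKEN = re.compile(r'''
    (?P<skip>//[^\n]*|/\*.*?\*/)
  | (?P<inc>\binclude\s*"(?P<path>(?:\\.|[^"\\])*)")
  | (?P<str>"(?:\\.|[^"\\])*")
  | (?P<rule>\brule\s+(?P<name>[A-Za-z_]\w*))
''', re.S | re.X)

def precheck(source):
    """Return (include paths, rule names, duplicated rule names)."""
    includes, names = [], []
    for m in TOKEN.finditer(source):
        if m.group("inc"):
            includes.append(m.group("path"))
        elif m.group("rule"):
            names.append(m.group("name"))
    dupes = sorted({n for n in names if names.count(n) > 1})
    return includes, names, dupes

if __name__ == "__main__":
    includes, names, dupes = precheck(SAMPLE_YAR)
    print("include statements to map:", includes)
    print("rules defined:", names)
    print("duplicate rule names:", dupes)
```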