Create a rule or set of rules in a rule namespace. Rules are used to help detect
malware.
About this task
For an example of how to create a rule, see the Tutorial Guide tab.
Procedure
- On the Rule Manager tab, click Create Namespace.
- Enter a name and description for the namespace.
- Add one or more rules to the namespace.
  - Write one or more rules directly in the Edit YARA rules box.
  - Upload a .txt or .yar file that contains one or more rules.
    - Click Upload.
    - Select the .txt or .yar file with your rules.
    - If the Overwrite Rules prompt appears, choose to either append the rules you added to the namespace, or to overwrite all rules in the namespace.
  - Import a rule from GitHub by entering a link to a .yar file in the GitHub URL box.
- If prompted, map any include statements in the rules that you are creating or importing to the namespace that contains the rule.
  If the rule exists in the same namespace that you are creating or importing a rule for, or it's in a file that you are importing, select None (File included in this Namespace).
  Tip: You cannot select the same namespace for more than one import statement at a time. You cannot select a namespace that includes an import statement that is mapped to another namespace that you selected for mapping.
- Click Save.
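A pre-upload check for the procedure above, as an added example that is not part of the product or its tutorial: it lists the rule names and the include statements in a rules file, so you know in advance which includes may need a namespace mapping. The names `precheck`, `strip_comments` and the sample rules are hypothetical and constructed for illustration.

```python
import re
from pathlib import PurePosixPath

ALLOWED_EXT = {".txt", ".yar"}  # upload file types named in the procedure

# Constructed sample rules file (not taken from the product or its tutorial).
SAMPLE = r'''
include "common/strings.yar"
// include "disabled.yar"
/* include "also_disabled.yar" */

rule Example_Marker : demo
{
    strings:
        $a = "include \"not_a_directive.yar\""
    condition:
        $a
}

private rule Helper { condition: true }
'''

# Tokens: double-quoted strings (kept) and // or /* */ comments (dropped).
# Assumption: YARA regex literals (/.../) are not tokenized separately.
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*', re.S)
_INCLUDE = re.compile(r'^[ \t]*include[ \t]+"((?:\\.|[^"\\\n])*)"', re.M)
_RULE = re.compile(r'^[ \t]*(?:(?:private|global)[ \t]+)*rule[ \t]+([A-Za-z_]\w*)', re.M)


def strip_comments(text):
    """Remove comments but leave string literals untouched."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)


def precheck(filename, text):
    """Summarize what a rules file contains before it is uploaded."""
    clean = strip_comments(text)
    return {
        "extension_ok": PurePosixPath(filename).suffix in ALLOWED_EXT,
        "includes": _INCLUDE.findall(clean),  # each one may need a namespace mapping
        "rules": _RULE.findall(clean),
    }


if __name__ == "__main__":
    print(precheck("rules.yar", SAMPLE))
```

Includes that appear only inside comments or string literals are ignored, so the list reflects the directives that are actually active in the file.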