Importing Yara rules
You can import your existing Yara rules into IBM® QRadar® Incident Forensics and IBM QRadar Network Insights, and use those rules for matching and flagging malicious content. More than one Yara rule can exist in an imported file. Uploading a new Yara rules file replaces all existing Yara rules within the system. Upload existing rules in the new file to retain them.
- Click Suspect Content Management. and select
- Click Select File.
In the File Upload window, browse to the file you want to import and click
Important: Yara rule names must be unique.
You see a message when the Yara rule is imported successfully.
Newly imported Yara rules are not applied retroactively. After you import the Yara rules, you must perform a full deployment for the changes to take effect.