You can import your existing Yara rules into IBM QRadar Incident Forensics and IBM QRadar Network Insights, and use those rules for matching and flagging malicious content. More than one Yara rule can exist in an imported file.

Uploading a new Yara rules file replaces all existing Yara rules within the system. Upload existing rules in the new file to retain them.
Procedure
- Click and select Suspect Content Management.
- Click Select File.
- In the File Upload window, browse to the file you want to import and click Open.
Important: Yara rule names must be unique.
Results
You see a message when the Yara rule is imported successfully.
What to do next
Newly imported Yara rules are not applied retroactively. After you import the Yara
rules, you must perform a full deployment for the changes to take effect.
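
A pre-upload check for the two constraints stated above (an upload replaces every existing rule, and rule names must be unique), as an added example that is not IBM code. It assumes you keep a copy of the currently deployed rules as text; the function names and sample rules are constructed for illustration, and the name scan is a lightweight regex pass rather than a full Yara parser.

```python
import re
from collections import Counter

# Lightweight scan, not a full Yara parser: string literals and comments are
# matched first so that "rule ..." text inside them is not counted.
_TOKEN = re.compile(
    r'"(?:\\.|[^"\\\n])*"'            # string literal
    r'|/\*.*?\*/'                      # block comment
    r'|//[^\n]*'                       # line comment
    r'|\b(?:(?:private|global)\s+)*rule\s+([A-Za-z_]\w*)',
    re.DOTALL,
)

def rule_names(text):
    """Return declared rule names in file order."""
    return [m.group(1) for m in _TOKEN.finditer(text) if m.group(1)]

def duplicate_names(text):
    counts = Counter(rule_names(text))
    return sorted(n for n, c in counts.items() if c > 1)

def build_upload(existing, new):
    """Concatenate current and new rules; refuse if any rule name repeats."""
    merged = existing.rstrip() + "\n\n" + new.lstrip()
    dups = duplicate_names(merged)
    if dups:
        raise ValueError("duplicate rule names: " + ", ".join(dups))
    return merged

# Constructed sample rule sets (assumptions, not from the page).
EXISTING = '''
rule Example_Existing_Marker {
    strings: $a = "rule Fake_In_String { // not a comment"
    condition: $a
}
'''
NEW_OK = '''
// rule Commented_Out { condition: false }
private rule Example_New_Helper { condition: filesize < 1MB }
rule Example_New_Marker { condition: Example_New_Helper }
'''
NEW_CLASH = 'rule Example_Existing_Marker { condition: true }\n'

if __name__ == "__main__":
    print(rule_names(build_upload(EXISTING, NEW_OK)))
    try:
        build_upload(EXISTING, NEW_CLASH)
    except ValueError as err:
        print("rejected:", err)
```

Write the string returned by `build_upload` to a single file and upload that file, so the rules already in the system are carried over rather than replaced.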