This topic describes how to use the Yara Manager.

  • Log in to your Carbon Black EDRconsole and browse to https:// <cb_server_url> /connectors/yara , or click Yara Manager on the navigation bar.

Yara Status

The Yara Status page displays Yara Connector status information. The output is taken directly from the Linux service command.

The yara connector status

You can perform the following actions on this page:

  • Get Yara Status — Retrieves the current status of the Yara connector and displays the results in the StdOut and StdErr text boxes.

  • Reset Output — Resets the output.

  • Restart Yara — Restarts the Yara connector.

  • Reset DB — Resets the threat reports database to its empty state. This is typically used after adding Yara rules.

Yara Rules Manager

On the Yara Rules Manager page, you can upload, delete, and download Yara rule files.

The yara rules manager

To upload a new Yara rule, click the Choose File button, select the appropriate . yar file, and click the Upload Rule button.

The Yara Manager supports the upload of multiple Yara rules. You can upload a zip file that contains multiple Yara rules. The Yara Manager extracts the zip file and puts all the rules in the path that the Yara connector configuration file specifies.

To delete all Yara rules click the Purge all Rules button. Alternatively, you can individually download or delete Yara rules.

Yara Configuration

The Yara Configuration page displays the current configuration of the Yara connector.

This information is gathered from the Yara connector’s configuration file. You cannot edit this page; you can only make changes through the connector.conf file.

The yara configuration

Yara Log

The Yara Log page displays the contents of the /var/log/cb/integrations/yara-manager/debug.log file.

The yara log