This topic describes how to use the Yara Manager.
- Log in to your Carbon Black EDRconsole and browse to
https://
<cb_server_url>/connectors/yara
, or click Yara Manager on the navigation bar.
Yara Status
The Yara Status page displays Yara Connector status information. The output is taken directly from the Linux service command.
You can perform the following actions on this page:
-
Get Yara Status — Retrieves the current status of the Yara connector and displays the results in the StdOut and StdErr text boxes.
-
Reset Output — Resets the output.
-
Restart Yara — Restarts the Yara connector.
-
Reset DB — Resets the threat reports database to its empty state. This is typically used after adding Yara rules.
Yara Rules Manager
On the Yara Rules Manager page, you can upload, delete, and download Yara rule files.
To upload a new Yara rule, click the Choose File button, select the appropriate . yar
file, and click the Upload Rule button.
The Yara Manager supports the upload of multiple Yara rules. You can upload a zip file that contains multiple Yara rules. The Yara Manager extracts the zip file and puts all the rules in the path that the Yara connector configuration file specifies.
To delete all Yara rules click the Purge all Rules button. Alternatively, you can individually download or delete Yara rules.
Yara Configuration
The Yara Configuration page displays the current configuration of the Yara connector.
This information is gathered from the Yara connector’s configuration file. You cannot edit this page; you can only make changes through the connector.conf file.
Yara Log
The Yara Log page displays the contents of the /var/log/cb/integrations/yara-manager/debug.log file.