EDR: Install and Configure Yara Manager

Article ID: 285250

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

To install and configure the Yara Manager to manage the Yara Connector in the EDR Console.

Environment

  • EDR Server: 7.7.x
  • Yara Connector: 2.2.0
  • Yara Manager: 2.2.0

Resolution


The Yara Connector can operate on the EDR server independently. 
The Yara Manager (optional) provides an easy user interface in the EDR Console to operate the Yara Connector.
 

A. Install the Yara Connector first.

B.  Install Yara Manager (derived from the EDR User Guide)

  1. Create the Carbon Black open source repo.
       cd /etc/yum.repos.d
       curl -O https://opensource.carbonblack.com/release/x86_64/CbOpenSource.repo
  2. Install the cb-yara-manager.
       yum install python-cb-yara-manager


C.  Configure Yara Manager - Optional (derived from the User Guide)

  1. Create the configuration file.
       cd /etc/cb/integrations/cb-yara-manager
       cp config.py.example config.py
  2. Create the authentication file.
       vi /etc/cb/integrations/cb-yara-manager/auth.conf
     Add the following to the file:
       [auth]
       api_token=< create a unique adequately_long_and_complex_password >
     (where adequately_long_and_complex_password is any passphrase.)
  3. Add to /etc/cb/cb.conf:
       YaraManagerEnabled=true
       YaraManagerToken=< insert the unique adequately_long_and_complex_password >
  4. To apply the new cb.conf changes, run:
       /usr/share/cb/cbservice cb-coreservices restart
  5. Start the service.
       systemctl start cb-yara-manager
  6. Confirm that it is running (there should be 2 instances running).
       ps -ef | grep -i manager
  7. View Yara Manager in the browser after authenticating to the EDR server.
       https://<EDR server IP>/connector/yara
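
A pre-start check for the token settings from steps C.2 and C.3, as an added example that is not part of the original article or of the vendor's tooling. It assumes the api_token in auth.conf and YaraManagerToken in cb.conf are meant to hold the same value; the function names, the 32-character minimum and the file-permission check are choices made for this example.

```bash
#!/usr/bin/env bash
# Added example: verify the Yara Manager token configuration from section C.
# Default paths are the ones in this article; the 32-character minimum and the
# permission check are assumptions of this example, not vendor requirements.

# conf_value KEY FILE: print the value of the last KEY=VALUE line in FILE.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 | sed 's/[[:space:]]*$//'
}

# check_yara_manager_token [AUTH_CONF] [CB_CONF]
# Returns 0 when every check passes, 1 otherwise; findings go to stderr.
check_yara_manager_token() {
    local auth_conf="${1:-/etc/cb/integrations/cb-yara-manager/auth.conf}"
    local cb_conf="${2:-/etc/cb/cb.conf}"
    local rc=0 token cb_token enabled mode

    [ -r "$auth_conf" ] || { echo "FAIL: cannot read $auth_conf" >&2; return 1; }
    [ -r "$cb_conf" ]   || { echo "FAIL: cannot read $cb_conf" >&2; return 1; }

    token=$(conf_value api_token "$auth_conf")
    cb_token=$(conf_value YaraManagerToken "$cb_conf")
    enabled=$(conf_value YaraManagerEnabled "$cb_conf")

    [ "$enabled" = "true" ] || { echo "FAIL: YaraManagerEnabled is not true" >&2; rc=1; }
    case "$token" in
        ""|*"<"*|*">"*) echo "FAIL: api_token is empty or still the placeholder" >&2; rc=1 ;;
    esac
    [ "${#token}" -ge 32 ] || { echo "FAIL: api_token shorter than 32 characters" >&2; rc=1; }
    [ "$token" = "$cb_token" ] || { echo "FAIL: api_token and YaraManagerToken differ" >&2; rc=1; }

    # The token is a shared secret: flag auth.conf if "other" users can read it.
    mode=$(stat -c '%a' "$auth_conf")
    case "$mode" in
        *[4567]) echo "FAIL: $auth_conf is world-readable (mode $mode)" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Run against the article's paths only when invoked as: script --check
if [ "${1:-}" = "--check" ]; then check_yara_manager_token; fi
```

A value produced by a random generator such as `openssl rand -hex 32` passes the length check used here.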