EDR Yara Components Explained, Installed, Configured with Troubleshooting Tips

search cancel

EDR Yara Components Explained, Installed, Configured with Troubleshooting Tips

book

Article ID: 285263

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

To understand, install, configure and troubleshoot Yara in both EDR standalone and cluster environments.

Environment

EDR Server: 7.7.x
Yara Connector: 2.2.0
Yara Manager: 2.2.0

Resolution

Yara, a rules engine from VirusTotal, alerts on binaries executing in the environment. The yml style rules are created with text or binary patterns. The Yara Connector processes, analyzes and stores (Solr, Yara DB) the analysis for EDR Console to obtain. The (Yara Manager, optional) provides access to the Yara-connector via the EDR Console.

Understanding Yara Components
Install and Configure Yara Connector
Install and Configure Yara Manager (optional)
Adding Yara Rules and Validating
Troubleshooting Yara

Additional Information

Yara Complete - Understanding and Deploying Yara

Feedback

thumb_up Yes

thumb_down No