CB Response: Does the Yara Connector Require File Types to Be Specified in Rules?
Article ID: 287397
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Are file type specifications required for Yara Connector rules?
Environment
- CB Response Server: All Supported Versions
- CB Response Yara Connector: All Supported Versions
Resolution
- No. Because Yara rules are based on strings, a file extension specification is not required.
Additional Information
- Regular expressions can also be used in Yara rules.
- Functionally, the Yara connector scans the modulestore, which collects PE / executable files.
- The majority of files will have the extensions .exe, .dll and .sys.
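
An added example (not from the original article or the product documentation) of a rule with no file-extension condition: it matches on a text string, a regular expression and a hex pattern, and uses the MZ/PE header bytes as an optional content-based type check. The rule name and all strings are constructed for illustration.

```yara
// Added example. All strings below are constructed and are not real indicators.
rule Example_Content_Match_No_Extension
{
    meta:
        description = "Constructed example: matches on file content, not on file name or extension"

    strings:
        // Plain text string, matched in both ASCII and UTF-16 (wide) encodings
        $marker = "EXAMPLE-CONSTRUCTED-MARKER" ascii wide nocase

        // Regular expression: a URL on the reserved example.com domain
        $url_re = /https?:\/\/[a-z0-9.-]{1,40}\.example\.com\/[a-z0-9\/_-]{1,32}/ nocase

        // Hex string with one wildcard byte
        $bytes = { DE AD BE EF ?? 00 01 }

    condition:
        // Optional type check done on content rather than extension:
        // "MZ" at offset 0 and "PE\0\0" at the offset stored in e_lfanew (0x3C).
        uint16(0) == 0x5A4D and
        uint32(uint32(0x3C)) == 0x00004550 and
        // Any one of the content strings is enough to match
        any of ($marker, $url_re, $bytes)
}
```

Dropping the two header checks leaves a rule that matches purely on the strings, regardless of what the file is named.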