Does DCS support YARA rules?

Article ID: 417711

Products

Data Center Security Server Advanced
Data Center Security Monitoring Edition

Issue/Introduction

YARA rules are descriptions of malware samples and patterns that can help detect and classify malware in files, memory and on the network.

In a rule, the criteria are defined and tags are specified. When the rule is enabled, tags are assigned to files that meet the criteria for the rule.
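An added illustration, not part of the original article and not DCS functionality: a YARA rule in which the tags follow the rule name and the criteria are expressed in the condition block. The rule name, tags and patterns are constructed for this example.

```yara
// Constructed example: rule name, tags and strings are illustrative only.
rule Example_Encoded_PowerShell_Launcher : script suspicious_launcher
{
    meta:
        description = "Script that starts PowerShell hidden with an encoded command"
        author      = "example"

    strings:
        // Patterns the criteria refer to; matched case-insensitively,
        // in both ASCII and UTF-16 (wide) encodings.
        $ps   = "powershell" nocase ascii wide
        $enc  = /-e(nc|ncodedcommand)?\s+[A-Za-z0-9+\/=]{40,}/ nocase ascii wide
        $hide = /-w(indowstyle)?\s+hidden/ nocase ascii wide

    condition:
        // Criteria: a small file that is not a PE executable (no "MZ" header)
        // and that contains all three patterns.
        filesize < 1MB and
        uint16(0) != 0x5A4D and
        $ps and $enc and $hide
}
```

A file that satisfies the condition is reported with the rule name and the tags `script` and `suspicious_launcher`; a file that misses any one criterion is not tagged.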

Environment

DCS 6.9.x, 6.10.x

Cause

Does DCS support importing and executing custom YARA rules for file or memory pattern scanning on endpoints?

If supported, can detections triggered by these YARA rules generate alerts or incidents, rather than being limited to file-search or hunting activities?

Resolution

DCS does not currently support YARA rules. 

YARA rules serve more as a procedure than a complete solution: they scan files, memory, or network traffic for defined patterns, and a match indicates the presence of a known or suspected malicious entity.

In contrast, DCS takes a more proactive approach, based on sandboxing and on blocking or allowing behaviors according to predefined rules.

Please contact Technical Support if a customer submits a valid security use case so it can be verified by DCS Product Management.