To help keep your organization and clients up to date with the very latest malware threats, we have added the ability to perform live scans of endpoints using YARA rules in Magnet IGNITE.
New and advanced instances of malware are detected every single day, making it impossible for any one antivirus tool to catch them all. YARA rules enable you to draw on the combined experience of the cybersecurity community to identify the latest Indicators of Compromise (IOCs) for malware threats and other malicious files.
What are YARA Rules?
YARA is an open-source tool, commonly referred to as “the pattern matching Swiss knife for malware researchers.” Originally developed by Victor M. Alvarez, YARA uses a rule-based approach to characterize malware families based on textual or binary patterns. As for the meaning of the name YARA, according to Alvarez: “YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym. Pick your choice.”
YARA Rules in Magnet IGNITE
A set of common YARA rules has been included in IGNITE, including a rule for one of the most prevalent and widespread pieces of malware: Emotet. Globally ranked among the most dangerous trojans, Emotet continues to evolve with advanced persistence and anti-evasion mechanics, making it one of the most dangerous viruses for corporations.
Additional YARA rules can be added to IGNITE through a quick and easy drag-and-drop file upload. Because YARA rules are developed on the cybersecurity front lines, they often provide the only means of identifying the very latest threats.
Custom YARA rules can also be created to identify unique threats targeting a client’s business. The YARA syntax resembles the C language, and a guide for writing rules is included in the YARA documentation.
The results of YARA rule scanning in IGNITE provide the details of the matched conditions and the rule itself, which can be used to evaluate and refine custom rules and reduce instances of false positives.
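As an added example that is not part of this post or of IGNITE's bundled rule set, the constructed rule below shows the three sections a YARA rule typically has (meta, strings and condition) and how the condition can be tightened so that a single weak indicator does not trigger a match. Every rule name, string, byte pattern and URL in it is a placeholder made up for illustration, not a real indicator of compromise.

```yara
/*
 Added illustrative rule, not from IGNITE or the YARA project.
 All strings and byte patterns below are constructed placeholders,
 not real malware indicators.
*/
rule Example_Suspicious_Dropper_Placeholder
{
    meta:
        description = "Shows the meta, strings and condition sections of a YARA rule"
        author      = "constructed example"
        reference   = "PLACEHOLDER-TICKET-ID"
        severity    = "medium"

    strings:
        // Text string: 'ascii wide' matches both ASCII and UTF-16LE encodings,
        // 'nocase' makes the match case-insensitive
        $cmd = "cmd.exe /c" ascii wide nocase

        // Hex pattern: '??' is a wildcard byte, '[4]' skips exactly four bytes.
        // Constructed to look like a call / pop / sub prologue, purely as syntax demo
        $hex = { E8 ?? ?? ?? ?? 5D 81 ED [4] }

        // Regular expression for a constructed download-URL shape (.invalid TLD)
        $url = /https?:\/\/example-placeholder\.invalid\/[a-z0-9]{8}\.bin/

    condition:
        // Require a PE file ("MZ" at offset 0), a sane file size, and at least two
        // of the three indicators together; requiring several indicators at once
        // is what keeps a common string like "cmd.exe /c" from matching on its own
        uint16(0) == 0x5A4D and
        filesize < 2MB and
        2 of ($cmd, $hex, $url)
}
```

Before uploading a custom rule, it can be tested locally with the YARA command-line tool (for example `yara -s rule.yar sample.bin`, where `-s` prints the matched strings and their offsets); comparing those matches with the rule details reported by IGNITE is the quickest way to see which string is causing a false positive and tighten the condition accordingly.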
YARA rule scans automatically collect File Log artifacts, so if there are positive hits on your YARA scan you can export the collected artifacts as an MFDB file that can be opened in Magnet AXIOM Cyber for deep forensic analysis.
Try IGNITE for Yourself
To try scanning for YARA rules in IGNITE, visit the Magnet IGNITE page today to get started with a free trial.