LogoLogo
Log In
  • Introduction
  • Registration
  • Pre-Requirements & Initialization of the Platform
    • Agent Installations
      • Windows Installation
      • Linux Installation
      • macOS Installation
      • Deploying Agent From Microsoft Intune
    • Access and Exlusion Requirements
      • Agent-Based Demo Deployment
      • Agent-Based Production Deployment
      • Agent-Based On-Premises Deployment
      • Trendmicro Exlusions
    • Troubleshooting
  • Getting Started
    • Platform Overview
    • Agent Based Deployment
      • 1. Activating Policies
      • 2. Configure Policies in the Group
      • 3. Agent Deployment
        • Windows: Downloading and Deploying The Windows Agent
        • Linux: Downloading and Deploying The Linux Agent
        • macOS: Downloading and Deploying The macOSAgent
      • 4. Enabling Classification Rules
      • 5. Review The Results & White Listing
      • 6. Reviewing and Enabling Sigma Rules
      • 7. Generating Reports
      • 8. Notification Settings
      • 9. YARA Analysis & THOR
      • 10. Configuring YARA Rules
      • 11. Remediation Management
      • 12. Results of The Analysis
    • Using the Main Dashboard and Grids
    • Classification Rules
    • Configuring Modules
      • Threat Hunting
        • Enabling Windows Autoruns & Process Analysis
        • Enabling Weak SNMP Discovery
        • Enabling Linux Analysis
        • Job Management
        • Customizing Classification Rules
        • Enabling Windows Event Log Analysis
        • Enabling Windows Sysmon Analysis
        • Enabling Windows Thor Analysis
        • Enabling Windows Security Benchmark Analysis
        • Enabling In-Depth Analysis
      • Windows Hardening
      • Remediation & Response Management
      • Notification Management
      • Vulnerability Management
      • Network Discovery
      • Windows Patch Management
      • IP Scanning
      • Software Management
      • Managing Shadow-IT
      • Microsoft Windows Defender Health Analysis
    • Configuring Sysmon
      • Sysmon Deployment
      • Managing Sysmon Rules
      • Troubleshooting Sysmon Rules
    • Important Settings
      • Organization Settings
    • Utilizing the Platform Effectively and Interpreting the Artifact Analysis Results
    • How To Manage False Positives and Optimizing the System
    • Using AI Modules
      • AI Manuel Enrichment
      • AI Auto Enrichment
      • Automating AI Enrichment
      • AI Auto Exclusions
      • AI Feedback Questions
      • AI Auto Exclusion & Enrichment for Sysmon
      • AI Activity Logs
    • GRC Management
      • Creating an Assessment & Updating Evidences
    • Integrations
      • Office 365 Azure Registration
      • Windows Security Center Azure Registration
      • Azure Active Directory Integration
      • Active Directory Integration
      • CrowdStrike Integration
      • Palo Alto - Cortex Integration
      • Palo Alto HyperVisor Integration
      • OpenVAS Integration
      • Tenable Nessus
      • Gophish Integration
    • How to Use CyberCyte Platform Effectively?
    • Enabling External Exposure Analysis
  • Administration Guide
    • Most Used
      • Threat Overview
      • Analysis & Investigation
      • Shadow IT
      • My Assignments
      • Installation Management
      • Policy Management
      • Windows Hardening Results
      • Device Management
    • Dashboards
      • Threat Overview
      • Asset Overview
      • User Overview
      • Shadow IT
      • Analysis
    • Threat Hunting
      • Notable Events
      • Analysis & Investigation
      • Visualization
      • Hunting Settings
      • E-Mail/Teams Settings
    • Threat Response
      • Response Management
      • Incident /Case Management
      • ToDo
      • Remediation & Response Settings
      • Incident /Case Management
      • Incident/Case Management Settings
      • AI Activity
      • Interactive Sessions
    • Security Assurance
      • Hardening & Configuration Management
      • Vulnerability Management
      • Windows Remediation
      • Linux Remediation
      • Software Management
      • Windows Patch Management
      • Windows Remediation & Response Settings
      • Hardening & Configuration Management Settings
    • Asset Management
      • Endpoint Management
      • Group Management
      • Settings
    • Rules & Policies
      • Artifact Classification
      • Policy Management
      • SIGMA/YARA Rules
      • Artifact Collection Parameters
    • GRC
      • Assessment Management
      • Risk and Oppurtunity Management
      • Incident/Case Management
      • Assets
      • Document Management
      • Evidences
      • ToDo & Project Management
      • Parameters
      • Settings
      • Incident/Case Management Settings
    • Settings & Reporting
      • Agents Settings
      • Deployment Settings
      • Notification Settings
      • Integration Settings
      • AI Settings
      • Credential Settings
      • Organization Settings
      • Reporting
      • Users & Groups
    • Help
      • Ask AI
      • Configuration Wizard
      • Help Guide
      • Search
      • Version & Exception Overviews
      • Troubleshoot
    • How To Manage False Positives and Optimizing the System
  • Troubleshooting
    • Troubleshooting Multitenant Functionalities & Accessing Internal Applications
    • The Agent Troubleshooting
      • Troubleshooting the Windows Agent
      • Troubleshooting the Linux Agent
      • Troubleshooting the macOS Agent
    • Proxy Troubleshooting
      • Portal Server
      • Elastic Server
    • AI Automation Troubleshooting
      • Checking the AI Mode
      • Checking AI Audit Logs
      • Checking the AI Settings
    • Troubleshooting Synchronization Problems
  • Release Notes
    • v3.3.5
    • v3.3.4
    • v3.3.3
    • v3.3.2
    • v3.3.1
    • v3.3
    • v3.2.1
    • v3.2
    • v3.1.4
    • v3.1.3
    • v3.1.2
    • v3.1.1
    • v3.1
    • v3.0.10
    • v3.0.8-9
    • v3.0.7
    • v3.0.6
    • v3.0.5
    • v3.0.4
    • v3.0.3
    • v3.0.2
    • v3.0.1
    • v3.0
    • v2.5.0 - v2.17.7
Powered by GitBook
On this page

Was this helpful?

  1. Getting Started
  2. Agent Based Deployment

10. Configuring YARA Rules

YARA scan will create false positives; the system identifies the file signer for each alert. THOR/YARA classification rules have a built-in global rule for whitelisting based on signer information. Clone the rule and add new trusted signers to minimize the false positives. To access classification management rules, please go to the "Rules & Policies" -> "SIGMA/YARA Rules" -> "Windows YARA Rules".

Previous9. YARA Analysis & THORNext11. Remediation Management

Last updated 9 months ago

Was this helpful?