9. YARA Analysis & THOR

The platform is using THOR for YARA analysis. Please add your Thor license file under the Thor policy. Please go to the Rules & Policies -> Policy Management -> Policy Rules, click on the "+Policy", select SIGMA & YARA module and select Windows YARA/THOR Lite Analysis or Windows YARA/THOR Analysis.

Both Thor Lite and Thor Professional are supported. Once the license is added, please create a policy for THOR Analysis and assign the created license. The initial policy interface is configured for the recommended settings.

Click on the "Save" button. Once the policy is created, please assign it to a group.

Click on the three dots and click edit.

Assign THOR policy to the group.

The initial data will take 6-24 hours to be collected.

Previous8. Notification Settings Next10. Configuring YARA Rules

Last updated 6 months ago

Was this helpful?