IBM Security QRadar Manager for YARA and Sigma Rules app

IBM® Security QRadar® Manager for YARA and Sigma Rules is an app that you can use to apply YARA and Sigma rules to QRadar events, flows, and searches.

The IBM Security QRadar Manager for YARA and Sigma Rules app includes the following key capabilities:

  • Import, edit, and manage existing YARA rules.
  • Scan raw payloads with YARA rules.
  • Scan QRadar events or flows with YARA rules.
  • Scan QRadar saved searches with YARA rules.
  • Import, edit, and translate Sigma rules into QRadar rules or AQL searches.

The IBM Security QRadar Manager for YARA and Sigma Rules app uses the yara-python 4.2.0 library from https://github.com/VirusTotal/yara-python. The supported modules in the app are:
  • pe
  • elf
  • cuckoo
  • magic
  • hash
  • math
  • dotnet
  • time
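Because the bundled yara-python build supports only the modules listed above, a rule that imports any other module (for example, `dex`) cannot be compiled by the app. The following pre-flight check is an added example and not part of the app or of yara-python: it scans YARA rule source text for `import` statements and reports any module outside the supported set, using two constructed sample rules. The rule contents and the check itself are assumptions for illustration.

```python
import re

# Modules the app's bundled yara-python 4.2.0 build supports, per the page.
SUPPORTED_MODULES = {"pe", "elf", "cuckoo", "magic", "hash", "math", "dotnet", "time"}

# Matches a YARA import statement such as:  import "pe"
_IMPORT_RE = re.compile(r'^\s*import\s+"([A-Za-z0-9_]+)"', re.MULTILINE)


def strip_comments(source: str) -> str:
    """Remove /* ... */ and // comments so commented-out imports are ignored.
    Assumption: the rule text does not contain '//' inside string literals."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.DOTALL)
    return re.sub(r"//[^\n]*", "", source)


def imported_modules(source: str) -> set:
    """Return the set of module names imported by the rule text."""
    return set(_IMPORT_RE.findall(strip_comments(source)))


def unsupported_modules(source: str) -> set:
    """Return imported modules that the app's yara-python build does not provide."""
    return imported_modules(source) - SUPPORTED_MODULES


# Constructed sample rule: uses only supported modules (pe, math, hash).
RULE_OK = r'''
import "pe"
import "math"
import "hash"

rule packed_pe_section_example
{
    meta:
        description = "constructed example: PE with a high-entropy section"
    condition:
        pe.is_pe and
        for any section in pe.sections : (
            math.entropy(section.raw_data_offset, section.raw_data_size) > 7.0
        )
}
'''

# Constructed sample rule that pulls in a module the app does not list.
RULE_BAD = r'''
import "pe"
import "dex"   // not in the supported list; compilation would fail in the app
// import "console" is commented out and must not count

rule needs_unsupported_module { condition: pe.is_pe }
'''

if __name__ == "__main__":
    for name, rule in (("RULE_OK", RULE_OK), ("RULE_BAD", RULE_BAD)):
        missing = unsupported_modules(rule)
        print(name, "ok" if not missing else f"unsupported: {sorted(missing)}")
```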

The IBM Security QRadar Manager for YARA and Sigma Rules app is supported on QRadar 7.4.3 patch 9, and 7.5.0 patch 5 and later.

The IBM Security QRadar Manager for YARA and Sigma Rules app is supported on Google Chrome and Mozilla Firefox.