You can import your existing Yara rules into IBM® QRadar® Incident Forensics and IBM QRadar Network Insights, and use those rules for matching and flagging malicious content. More than one Yara rule can exist in an imported file.

Uploading a new Yara rules file replaces all existing Yara rules within the system. To retain existing rules, include them in the new file that you upload.
Procedure
- Click and select Suspect Content Management.
- Click Select File.
- In the File Upload window, browse to the file you want to import and click Open.
Important: Yara rule names must be unique.
Results
You see a message when the Yara rule is imported successfully.
What to do next
Newly imported Yara rules are not applied retroactively. After you import the Yara rules, you must perform a full deployment for the changes to take effect.
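
Because an upload replaces the whole rule set and rule names must be unique, it helps to build the upload file by merging the current rules with the new ones and checking for name collisions first. The following is an added example, not IBM code: the function names and sample rules are constructed for illustration, and the name scan is a simplified regular-expression pass rather than a full Yara parser.

```python
import re
from collections import Counter

# Rule declaration at the start of a line, with optional private/global modifiers.
RULE_DECL = re.compile(
    r"^\s*(?:(?:private|global)\s+)*rule\s+([A-Za-z_][A-Za-z0-9_]*)", re.M)
# Block and line comments are dropped so commented-out rules are not counted.
# Limitation: comment markers inside rule strings are treated as comments too.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)

def rule_names(text):
    """Return the declared rule names in file order."""
    return RULE_DECL.findall(COMMENTS.sub("", text))

def merge_rule_files(existing, new):
    """Build one upload file from the current rule set plus the new rules.

    Raises ValueError if any rule name would appear more than once,
    including duplicates already present inside either input.
    """
    names = rule_names(existing) + rule_names(new)
    dupes = sorted(n for n, c in Counter(names).items() if c > 1)
    if dupes:
        raise ValueError("duplicate rule names: " + ", ".join(dupes))
    return existing.rstrip() + "\n\n" + new.lstrip()

# Constructed sample rules (not from IBM or any real rule feed).
EXISTING = '''
rule Demo_Marker_A { strings: $a = "demo-marker-a" condition: $a }
// rule Disabled_Rule { condition: false }
private rule Demo_Helper { condition: filesize < 1MB }
'''
NEW_OK = 'rule Demo_Marker_B { strings: $b = "demo-marker-b" condition: $b }\n'
NEW_CLASH = 'rule Demo_Marker_A { condition: true }\n'

if __name__ == "__main__":
    merged = merge_rule_files(EXISTING, NEW_OK)
    print("rules in upload file:", rule_names(merged))
    try:
        merge_rule_files(EXISTING, NEW_CLASH)
    except ValueError as err:
        print("refusing to build upload file:", err)
```

Keeping the merged file under version control gives you a copy of the rule set to restore if an upload drops rules you meant to keep.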