CYBNOT
Posted November 4, 2020

Greetings,

We have plenty of Yara rules files that we want to configure on EEI. Going through creation of new EEI rules, surprisingly, it only supports XML. Could you please enlighten us on how to do the above or suggest a practical way of converting or forking Yara files to XML so we can configure them on EEI.

Thank you.

Marcos (Administrators)
Posted November 4, 2020

ESET Enterprise Inspector doesn't leverage Yara rules but a proprietary format to support various operations and events that can be monitored by ESET security products.

To create a new rule or to edit an existing one, navigate to Admin -> Detection rules -> New rule (or select an existing one and choose Edit). Default rules cannot be edited; however, you can create a custom duplicate rule and then edit it.

When editing a rule, you get a guide on the right-hand side of the screen with a link to a PDF with a complete guide at the bottom. As you write a rule, the editor makes possible suggestions from which you can choose.

If you need help with a particular rule to detect some event or operation or if something is unclear, feel free to ask.