
How to configure Yara rules on EEI?



Greetings,

We have plenty of Yara rules files that we want to configure on EEI. Going through creation of new EEI rules, surprisingly, it only supports XML.

Could you please enlighten us on how to do the above or suggest a practical way of converting or forking Yara files to XML so we can configure them on EEI.

Thank you.


  • Administrators

ESET Enterprise Inspector doesn't leverage Yara rules but a proprietary format to support various operations and events that can be monitored by ESET security products.

To create a new rule or to edit an existing one, navigate to Admin -> Detection rules -> New rule (or select an existing one and choose Edit). Default rules cannot be edited; however, you can create a custom duplicate rule and then edit it.

When editing a rule, you get a guide on the right-hand side of the screen with a link to a PDF with a complete guide at the bottom. As you write a rule, the editor makes possible suggestions from which you can choose.

If you need help with a particular rule to detect some event or operation or if something is unclear, feel free to ask.


This topic is now closed to further replies.