Got it :)
Thank you, that makes sense now.
On Tuesday, 11 August 2020 11:14:55 UTC+10, Wesley Shields wrote:
>
> Well, assuming you put the rules in c:\Temp\yarfile.yar, no. If you didn't
> put that file there or can't explain why it's there, then it is a positive
> match you need to
Well, assuming you put the rules in c:\Temp\yarfile.yar, no. If you didn't put
that file there or can't explain why it's there, then it is a positive match
you need to investigate.
-- WXS
> On Aug 10, 2020, at 9:12 PM, Michael Fry wrote:
>
> So does that mean it is a positive for something
So does that mean it is a positive for something being detected?
On Tuesday, 11 August 2020 10:41:48 UTC+10, Wesley Shields wrote:
>
> The format is .
>
> In your case, YARA matched two rules on the file c:\Temp\yarfile.yar
>
> -- WXS
>
> On Aug 10, 2020, at 8:33 PM, Michael Fry wrote:
>
>
The format is .
In your case, YARA matched two rules on the file c:\Temp\yarfile.yar
-- WXS
> On Aug 10, 2020, at 8:33 PM, Michael Fry wrote:
>
> Hi All,
>
> So I have recently been asked to use Yara to scan some servers for some IOCs
> and I am using the command line version.
>
> The yar
Hi All,
So I have recently been asked to use Yara to scan some servers for some
IOCs and I am using the command line version.
The yar file was provided to me.
I am struggling to find anything anywhere that outlines interpreting the
log file. For example, if I have the below, is this
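
Added example, not part of the original thread: a small triage script for the situation in Wesley Shields' replies, separating expected hits on the rules file itself from hits that need investigating. It assumes the default output of the yara command line tool, one "rule name, space, file path" line per match; the rule names and the second path in the sample are constructed, and the function names are hypothetical.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample of default yara CLI output (no -s/-g/-m options):
# each line is a rule name, a space, then the path of the file that matched.
SAMPLE_OUTPUT = """\
Example_IOC_Rule_A c:\\Temp\\yarfile.yar
Example_IOC_Rule_B c:\\Temp\\yarfile.yar
Example_IOC_Rule_A c:\\Users\\Public\\Documents\\report tool.exe
"""

def parse_matches(output):
    """Map each matched file path to the list of rule names that hit it."""
    hits = defaultdict(list)
    for line in output.splitlines():
        line = line.strip()
        # Skip blanks and the offset lines (0x...) that the -s option adds.
        if not line or line.startswith("0x"):
            continue
        # Rule names are identifiers without spaces, so the first space
        # ends the rule name; the rest is the path, which may contain spaces.
        rule, sep, path = line.partition(" ")
        if sep:
            hits[path.strip()].append(rule)
    return dict(hits)

def triage(output, rules_file):
    """Split matches into hits on the rules file itself and everything else."""
    rules_path = PureWindowsPath(rules_file)  # compares case-insensitively
    expected, investigate = {}, {}
    for path, rules in parse_matches(output).items():
        bucket = expected if PureWindowsPath(path) == rules_path else investigate
        bucket[path] = rules
    return expected, investigate

if __name__ == "__main__":
    expected, investigate = triage(SAMPLE_OUTPUT, r"C:\Temp\yarfile.yar")
    for path, rules in expected.items():
        print(f"expected (rules file): {path} <- {', '.join(rules)}")
    for path, rules in investigate.items():
        print(f"INVESTIGATE: {path} <- {', '.join(rules)}")
```

A hit on the rules file is only expected if you placed that file at that path yourself; any other copy belongs in the investigate list.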