YARA rule to search for a file with a certain name

2018-11-12 Thread Michael Herren
Hello, please be gentle with me. I am new to YARA and the writing of such rules. I am planning to write a set of YARA rules, each describing an IOC. A very simple IOC is the existence of a certain file. I was searching the net for a rule which checks if a file with a certain name does exist. But all

Re: YARA rule to search for a file with a certain name

2018-11-12 Thread Wesley Shields
Filename is not something YARA knows about, nor should it IMO. The filename is a property of the filesystem upon which the file resides, and has no bearing on the content of the file. If you want to use filename in your rule you have to pass it in as an external variable. Check out https://gith
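An added example (not from either poster) of the approach described above: the rule never inspects a name itself; it compares an external variable, called `filename` here by assumption, that the scanner must define at scan time. The IOC name "svchost.exe" and the MZ-header check in the second rule are constructed for illustration only.

```yara
// Added example, not code from the thread. "filename" is an external
// variable: it has no value unless the caller defines it, e.g.
//   yara -d filename=svchost.exe ioc_filename.yar /path/to/svchost.exe
// An external that is referenced but never defined is a compile error,
// so always pass it, even as an empty string when the name is unknown.

rule ioc_filename_only
{
    meta:
        description = "Weak IOC: file name alone (assumed example name)"
    condition:
        // Case-insensitive match, since NTFS/FAT names are case-insensitive.
        filename matches /^svchost\.exe$/i
}

rule ioc_filename_with_content
{
    meta:
        description = "Same name IOC, strengthened with a content check"
    condition:
        // A file named like a Windows system binary that is not a PE
        // (no "MZ" at offset 0) is more interesting than the name alone.
        filename matches /^svchost\.exe$/i and uint16(0) != 0x5A4D
}
```

Because the yara command line sets one value per invocation, a recursive scan (`-r`) would give every file the same `filename`; scan per file instead, e.g. `find /target -type f -exec sh -c 'yara -d filename="$(basename "$1")" ioc_filename.yar "$1"' _ {} \;`. With yara-python the equivalent is `yara.compile(source=..., externals={"filename": ""})` followed by `rules.match(path, externals={"filename": os.path.basename(path)})`, supplying the real name on each match call.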

Re: YARA rule to search for a file with a certain name

2018-11-12 Thread Michael Herren
Thank you very much for your answer. I did read the forum entries and instructions about passing the filename as an external variable. I am also fully aware that the filename is not a very reliable indicator. But nevertheless it is an indicator. In this case I will have to see how we can pass t