You can use YARA rules as YARA module databases to scan files and objects received at the Central Node and to scan hosts with the Endpoint Agent component.
In distributed solution and multitenancy mode, custom YARA rules can have one of the following types:
When managing the application web interface, users with the Senior security officer role can import a YARA rule file into Kaspersky Anti Targeted Attack Platform using the application web interface.
Users with the Security auditor and Security officer roles can only view YARA rules.