Viewing the YARA rule table
The table of user-defined YARA rules contains information about YARA rules that are used to scan events and create alerts; the table is displayed in the Custom rules section, YARA subsection of the application web interface window.
The table contains the following information:
- Created is the rule creation time.
—Alert importance for the Kaspersky Anti Targeted Attack Platform user depending on the impact this alert may have on computer or corporate LAN security based on Kaspersky experience.By default, alerts generated by uploaded YARA rules are assigned a high level of importance.
- Type is the type of the rule depending on the operating mode of the application and the role of the server which generated the rule:
- Global—Created on the PCN server. These rules are used to scan files and objects received at the PCN server and all SCN servers connected to that PCN server. Scanned files and objects belong to the tenant which the user is managing in the application web interface.
- Local—Created on the SCN server. These rules are used to scan files and objects received at the SCN server. Scanned files and objects belong to the tenant which the user is managing in the application web interface.
- Name – name of the rule.
- File name is the name of the file from which the rule was imported.
- Created by is the name of the user whose account was used to import the rule.
- Servers is the name of the server with the PCN or SCN role to which the rule applies.
This column is displayed if you are using the distributed solution and multitenancy mode.
- Traffic scan is the usage status of the rule when stream scanning files and objects arriving at the Central Node:
- Enabled – the rule is being used.
- Disabled – the rule is not being used.
