A signature-based detection engine based on YARA rules to identify malware as soon as it is deposited on disk or loaded in memory, even if obfuscated.
The YARA rules-based Signatures Engine identifies malicious files: scripts, programs, or other binaries.
Processes can be detected at startup and while running.
The Signatures Engine evaluates:
The Signatures Engine features rules designed to detect attackers’ tools, and can be configured to scan executables as soon as they are written to disk for Windows, MacOS, and Linux agents.
It detects known threats such as CobaltStrike, Bruteratel, Mimikatz, Metasploit, Sliver, and more.
Standard YARA rules are designed and maintained over time by HarfangLab’s Cyber Threat Intelligence (CTI) team.
They are deployed and enriched by our experts, who evolve them to keep pace with threats and ensure optimum protection and limit the number of false positives.
These rules can be customized and supplemented by rules imported from third-party sources, and the engine can be configured according to the specific needs of EDR users.
YARA rules are fully accessible, enabling analysts to understand the origin of alerts.
Sigma and YARA are rule formats for detecting threats – malicious behaviors and files (or binaries) respectively. What are the…
