Signatures Detection Engine
YARA Rules

A signature-based detection engine that uses YARA rules to identify malware as soon as it is written to disk or loaded into memory, even if obfuscated.

The YARA rules-based Signatures Engine identifies malicious files: scripts, programs, or other binaries.

Processes can be detected at startup and while running.

The Signatures Engine evaluates:

File content
Injected threads
Process memory
Detecting known threats

The Signatures Engine features rules designed to detect attackers’ tools, and can be configured to scan executables as soon as they are written to disk for Windows, macOS, and Linux agents.

It detects known threats such as Cobalt Strike, Brute Ratel, Mimikatz, Metasploit, Sliver, and more.

Transparent and customizable rules

Standard YARA rules are designed and maintained over time by HarfangLab’s Cyber Threat Intelligence (CTI) team.

They are deployed and enriched by our experts, who evolve them to keep pace with threats, ensure optimum protection, and limit the number of false positives.

These rules can be customized and supplemented by rules imported from third-party sources, and the engine can be configured according to the specific needs of EDR users.

YARA rules are fully accessible, enabling analysts to understand the origin of alerts.