
Collection of YARA-L 2.0 sample rules for the Chronicle Detection API


shapor/detection-rules


Chronicle Detection Rules

This repository contains sample detection rules for use within Chronicle.

Rules within the soc_prime_rules directory were created by SOC Prime and made available to Chronicle Customers.

Getting Started

Rules can be created within your Chronicle instance by using the Rules Editor. Download the rule file from this repository and paste its content into the Rules Editor when creating a new rule.

To automate rule creation, APIs are available to create/update/delete rules.
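To show the shape of the rule text that is pasted into the Rules Editor or submitted through the API, here is a small YARA-L 2.0 rule written for this README; it is an added example, not one of the rules shipped in this repository or by SOC Prime. It assumes the standard UDM fields `metadata.event_type`, `security_result.action` and `target.user.userid`, and the author and threshold values are constructed for illustration.

```yaral
rule repeated_blocked_logins_per_user {
  meta:
    // Constructed metadata for this illustration
    author = "example author"
    description = "Ten or more blocked login attempts against one user ID within 10 minutes"
    severity = "Medium"

  events:
    // Only UDM login events whose outcome was blocked
    $login.metadata.event_type = "USER_LOGIN"
    $login.security_result.action = "BLOCK"
    // Bind the targeted user ID to a placeholder so events can be grouped on it
    $login.target.user.userid = $user

  match:
    // Group the matching events per user over a sliding 10 minute window
    $user over 10m

  condition:
    // Fire once a single user accumulates at least ten blocked logins in the window
    #login >= 10
}
```

Tune the threshold and window to the authentication volume of your own environment before enabling the rule.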

Detailed instructions can be found in your Chronicle instance under documentation:

Documentation

Detection API and UI:

YARA-L 2.0 rules and UDM:

Code Samples

https://github.com/chronicle/api-samples-python/tree/master/detect/v2
