Yara no longer processing rules after cortex 2.0 update #245
Comments
|
I ran into the same issue and the only workaround I found was to hard code the rule path into the Python file for the Yara analyzer yara_analyzer.py. |
|
Just to make sure: you've updated the analyzer config accordingly in the cortex ui? Just took a look at the code and cannot find a mistake on the first glance. |
|
I have updated them in the UI in several different manners, and none seem to work EX: "/usr/local/src/rules/Webshells_index.yar","/usr/local/src/lw-yara/lw-rules_index.yar","/usr/local/src/rules/malware_index.yar", "/usr/local/src/rules/Exploit-Kits_index.yar" and just /usr/local/src/rules/Webshells_index.yar to see if one works. |
|
Confirmed, fix will be merged with Hotfix 1.9.7. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Request Type
(select Bug, Analyzer or Feature and remove this line)
Bug
Work Environment
Description
After updating from cortex v 1.1 to 2.0 yara no longer give back hits, I can run the yara analyzer for things that previously returned positive hits and it no longer triggers a detection
Complementary information
can't find anything useful in the logs and no error messages are returned. Perhaps my rule path is somehow not being processed?
The text was updated successfully, but these errors were encountered: