https://community.cisco.com/t5/security-analytics/firepower-yara-rules/m-p/4095275#M521 <P>How i can deploy YARA rules by firepower&nbsp;</P> Mon, 01 Jun 2020 05:47:17 GMT ahmed_saleh 2020-06-01T05:47:17Z https://community.cisco.com/t5/security-analytics/firepower-yara-rules/m-p/4095275#M521 <P>How i can deploy YARA rules by firepower&nbsp;</P> Mon, 01 Jun 2020 05:47:17 GMT https://community.cisco.com/t5/security-analytics/firepower-yara-rules/m-p/4095275#M521 ahmed_saleh 2020-06-01T05:47:17Z https://community.cisco.com/t5/security-analytics/firepower-yara-rules/m-p/4095375#M522 <P>Please repost this question to Network Security thread.</P> <P>(<A href="https://community.cisco.com/t5/network-security/bd-p/discussions-network-security" target="_blank">https://community.cisco.com/t5/network-security/bd-p/discussions-network-security</A>)</P> <P>&nbsp;</P> <P>Firepower uses AMP engine so if AMP itself supports Yara signature, maybe Firepower can have the same function. As far as I research AMP function, it has no function to implement Yara. AMP uses SHA-256, MD5 hash and ClamAV signature to detect malware. We can't convert from Yara to ClamAV signature(<A href="https://www.clamav.net/documents/using-yara-rules-in-clamav" target="_blank">https://www.clamav.net/documents/using-yara-rules-in-clamav</A>). So I think it's a quite low probability to have it in AMP and Firepower but not sure. So please post your question to Network Security thread.</P> Mon, 01 Jun 2020 09:52:51 GMT https://community.cisco.com/t5/security-analytics/firepower-yara-rules/m-p/4095375#M522 kyoshiik 2020-06-01T09:52:51Z