Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4597
Views
0
Helpful
1
Replies

Firepower YARA rules

Go to solution
ahmed_saleh
Level 1
Level 1

‎05-31-2020 10:47 PM

How i can deploy YARA rules by firepower 

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kyoshiik
Cisco Employee
Cisco Employee

‎06-01-2020 02:52 AM

Please repost this question to Network Security thread.

(https://community.cisco.com/t5/network-security/bd-p/discussions-network-security)

 

Firepower uses AMP engine so if AMP itself supports Yara signature, maybe Firepower can have the same function. As far as I research AMP function, it has no function to implement Yara. AMP uses SHA-256, MD5 hash and ClamAV signature to detect malware. We can't convert from Yara to ClamAV signature(https://www.clamav.net/documents/using-yara-rules-in-clamav). So I think it's a quite low probability to have it in AMP and Firepower but not sure. So please post your question to Network Security thread.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
kyoshiik
Cisco Employee
Cisco Employee

‎06-01-2020 02:52 AM

Please repost this question to Network Security thread.

(https://community.cisco.com/t5/network-security/bd-p/discussions-network-security)

 

Firepower uses AMP engine so if AMP itself supports Yara signature, maybe Firepower can have the same function. As far as I research AMP function, it has no function to implement Yara. AMP uses SHA-256, MD5 hash and ClamAV signature to detect malware. We can't convert from Yara to ClamAV signature(https://www.clamav.net/documents/using-yara-rules-in-clamav). So I think it's a quite low probability to have it in AMP and Firepower but not sure. So please post your question to Network Security thread.

0 Helpful
Customers Also Viewed These Support Documents