
Firepower YARA rules

How can I deploy YARA rules with Firepower?

Accepted Solutions
Cisco Employee

Re: Firepower YARA rules

Please repost this question to the Network Security thread.

(https://community.cisco.com/t5/network-security/bd-p/discussions-network-security)

Firepower uses the AMP engine, so if AMP itself supports YARA signatures, maybe Firepower can have the same function. As far as I have researched AMP's functions, it has no function to implement YARA. AMP uses SHA-256 and MD5 hashes and ClamAV signatures to detect malware. We can't convert from YARA to ClamAV signatures (https://www.clamav.net/documents/using-yara-rules-in-clamav). So I think there is quite a low probability of having it in AMP and Firepower, but I'm not sure. So please post your question to the Network Security thread.
