ahmed_saleh
Beginner

Firepower YARA rules

How can I deploy YARA rules by Firepower?

1 ACCEPTED SOLUTION

kyoshiik
Cisco Employee

Please repost this question to the Network Security thread.

(https://community.cisco.com/t5/network-security/bd-p/discussions-network-security)

 

Firepower uses the AMP engine, so if AMP itself supports YARA signatures, maybe Firepower can have the same function. As far as I have researched the AMP functions, it has no function to implement YARA. AMP uses SHA-256 and MD5 hashes and ClamAV signatures to detect malware. We can't convert from YARA to ClamAV signatures (https://www.clamav.net/documents/using-yara-rules-in-clamav). So I think there is quite a low probability of having it in AMP and Firepower, but I'm not sure. So please post your question to the Network Security thread.
