Add threat feeds
A threat feed can consist of YARA or other rules. Ensure that you have stored the required threat feeds or rule files at the required location.
See About YARA scanning.
To add a threat feed
- On the left, click Detection and reporting > Threat library.
- Click Add.
- On the Add threat feed dialog box, click Upload threat feed file. Select the required threat feed from the appropriate location. It can be a YARA rule file or a
.zipfile.A YARA rule file can be of extension
.yaror.yara. - Enter the threat feed name.
- Click Save.
After you save the threat feeds, they are validated. Threat feeds with successful validation have the status as 'Valid'. If validation is not successful, the status is shown as 'Invalid'. Use the View details option to view the reasons for the invalid status of the threat feeds.
Only valid threat feeds can be used for YARA scanning.