FIX: Pre-compile YARA rules #11914

Closed
weslambert opened this issue Dec 1, 2023 · 5 comments

weslambert commented Dec 1, 2023

Consider using something like yara.compile() to pre-compile YARA rules before providing them to Strelka to prevent issues with bad rules.

target/strelka#410 (comment)
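
One way to do the pre-compilation suggested above, as an added example that is not part of this issue thread and is not Security Onion's or Strelka's own code: each rule is compiled in isolation with yara-python so a bad rule is reported and left out, and only the passing rules go into the compiled set. The sample rule texts and the function names are constructed for illustration.

```python
"""Validate YARA rules one by one, then compile only those that pass."""

# Constructed sample rules: one valid, one that references an undefined string.
SAMPLE_RULES = {
    "good_rule": 'rule good_rule { strings: $a = "example" condition: $a }',
    "bad_rule": "rule bad_rule { condition: $missing }",
}


def yara_compile(**kwargs):
    """Default compiler: yara-python's yara.compile(), imported on first use."""
    import yara
    return yara.compile(**kwargs)


def validate_rules(sources, compile_fn=yara_compile):
    """Compile each rule source in isolation; return (good, errors) dicts.

    Assumption: each source is self-contained. A rule that references a rule
    defined in another source fails here and must be grouped with it first.
    """
    good, errors = {}, {}
    for name, text in sources.items():
        try:
            # includes=False: an untrusted rule cannot pull in other files.
            compile_fn(source=text, includes=False)
        except ImportError:
            raise  # yara-python missing: do not misreport every rule as bad
        except Exception as exc:  # yara.SyntaxError / yara.Error
            errors[name] = str(exc)
        else:
            good[name] = text
    return good, errors


def precompile(sources, out_path=None, compile_fn=yara_compile):
    """Build one compiled rule set from the passing rules; report the rest."""
    good, errors = validate_rules(sources, compile_fn)
    compiled = compile_fn(sources=good, includes=False) if good else None
    if compiled is not None and out_path:
        compiled.save(out_path)  # can be reloaded later with yara.load()
    return compiled, errors


if __name__ == "__main__":
    _, failed = precompile(SAMPLE_RULES)
    for rule_name, reason in failed.items():
        print(f"rejected {rule_name}: {reason}")
```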

@derfel1989

@weslambert will you deploy this on Security Onion? I'm thinking about moving to SOS due to the complete stack offered.

@weslambert

I'm not sure if you are asking if Strelka is currently integrated with Security Onion or if the compilation will happen on the Security Onion machine. Just in case, the answer is yes to both questions. 😄

https://docs.securityonion.net/en/2.4/strelka.html#strelka


derfel1989 commented Dec 1, 2023

> I'm not sure if you are asking if Strelka is currently integrated with Security Onion or if the compilation will happen on the Security Onion machine. Just in case, the answer is yes to both questions. 😄
>
> https://docs.securityonion.net/en/2.4/strelka.html#strelka

Good to know! 😀
So, the Python code mentioned was already deployed.

@weslambert weslambert self-assigned this Dec 6, 2023
@weslambert weslambert added this to the 2.4.40 milestone Dec 6, 2023
@weslambert

The pre-compilation is not included yet, but it will be included in a future release.

@weslambert weslambert removed this from the 2.4.40 milestone Dec 6, 2023
@weslambert

This is implemented in Detections.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 4, 2024