In order to create your first rule, you first need to have a virtual file to store it. If you don’t have permissions to do so, ask your manager. Otherwise, create the virtual file.

Once you have a virtual file to store it, open the “Edit”, “Create” menu from the left navigation and follow the guidelines under the Rules section of the documentation.

Writing rules

To write your first rule, please refer to the yara documentation as well as the Rule documentation. Before the rule makes it to production (live rules), it’s first stored as “Draft” in your cart (My Work).

Important: Don’t forget to SAVE your rule before any other action like syntax checking, or submission.

The rule needs to pass a few validations steps before it’s approved and published. First it needs to pass syntax validation, which will verify the rule complies with Yara syntax.

If your rule isn’t valid, the preview will help you to fix your errors.

Once your rule is marked as “Valid”, you can submit it for approbation. Once approved, it will be visible in the “Live” section.