Forum Discussion
tay76
Aug 25, 2021 - Copper Contributor
[MDE] Add the important feature, Yara rules if possible
Hi, Refer to this advisory (first link). In addition, you can see that there are Yara rules from GitHub (inside pdf). (2nd link) All EDR/XDR companies (except Microsoft) already have features and...
Pinku1725
Feb 22, 2023 - Copper Contributor
Any update on this?
- Cyberseqwerty, Aug 07, 2023 - Copper Contributor
Add YARA support. GitHub (Owned by MS) holds dozens of repositories containing millions of IoCs that can be integrated with a click of a button to most enterprise SIEMs. Small security departments do not have time to write thousands of KQL queries specific to each IoC. This work was already completed by the original GitHub contributor, don't force customers to reinvent the wheel.