cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[MDE] Add the important feature, Yara rules if possible

tay76
Copper Contributor

‎Aug 24 2021 11:38 PM

‎Aug 24 2021 11:38 PM

[MDE] Add the important feature, Yara rules if possible

Hi,

Refer to this advisory (first link). In addition, you can see that there are Yara rules from GitHub (inside pdf). (2nd link)
All EDR/XDR companies (except Microsoft) already have features and a Yara rule configuration for the incident responders to detect.
 
The method of adding and detecting Yara rules has been in practice across companies for many years.
Would you mind advising on any reason why not adding the important feature, Yara rules?
It would be good if you include the important feature, Yara rules.
If not, would you mind advising on converting from Yara rules to MDE query for querying via advanced threat hunting? Thanks much appreciated. :)
15.6K Views
6 Likes
4 Replies
Reply
4 Replies
Jayronn

‎Sep 02 2021 10:24 AM

‎Sep 02 2021 10:24 AM

Re: [MDE] Add the important feature, Yara rules if possible

Hi @tay76,


We're considering Yara support in the future. We have extensive Advance hunting toolkit which is discussed here https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/advanced-hunting-overview?....

Please let me know if this helps answer your question.
0 Likes
Reply
Bobby Hodges

‎Aug 15 2022 07:36 AM

‎Aug 15 2022 07:36 AM

Re: [MDE] Add the important feature, Yara rules if possible

Agreed - YARA rule support is needed.
2 Likes
Reply
Pinku1725

‎Feb 21 2023 05:32 PM

‎Feb 21 2023 05:32 PM

Re: [MDE] Add the important feature, Yara rules if possible

Any update on this.
1 Like
Reply
Cyberseqwerty

‎Aug 07 2023 08:46 AM

‎Aug 07 2023 08:46 AM

Re: [MDE] Add the important feature, Yara rules if possible

Add YARA support. GitHub (Owned by MS) holds dozens of repositories containing millions of IoCs that can be integrated with a click of a button to most enterprise SIEMs. Small security departments do not have time to write thousands of KQL queries specific to each IoC. This work was already completed by the original GitHub contributor, don't force customers to reinvent the wheel.

2 Likes
Reply