Jan 08 2019 06:08 AM
As Incident Repsonse is becoming much more important, I would like to know if Microsoft is looking to include the support for YARA rules. In that perspective it would be possible to integrate it with custom intellegance platforms and use open standards to create custom signature for all our endpoints.
Some other EDR toolings are looking to implement or already supporting YARA ...
Thanks !
Jan 08 2019 03:03 PM - edited Jan 08 2019 03:04 PM
Tagging the WD ATP folks so they see this: @Heike Ritter, @Raviv Tamir, @Tomer Alpert
You also my want to cross-post this to the WD ATP group: https://techcommunity.microsoft.com/t5/Threat-Intelligence/bd-p/WDATPActor