Microsoft Tech Community

Is MS looking to support custom YARA rules for Windows Defender ATP?


As Incident Response is becoming much more important, I would like to know if Microsoft is looking to include support for YARA rules. In that perspective it would be possible to integrate it with custom intelligence platforms and use open standards to create custom signatures for all our endpoints.

 

Some other EDR tools are looking to implement or already support YARA ...

 

Thanks!

1 Reply

Tagging the WD ATP folks so they see this: @Heike Ritter @Raviv Tamir @Tomer Alpert

 

You also may want to cross-post this to the WD ATP group: https://techcommunity.microsoft.com/t5/Threat-Intelligence/bd-p/WDATPActor