Is MS looking to support custom YARA rules for Windows Defender ATP?


As Incident Response is becoming much more important, I would like to know if Microsoft is looking to include support for YARA rules. With that, it would be possible to integrate it with custom intelligence platforms and use open standards to create custom signatures for all our endpoints.

Some other EDR tools are looking to implement or already support YARA ...

Thanks!

1 Reply

Tagging the WD ATP folks so they see this: @Heike Ritter, @Raviv Tamir, @Tomer Alpert

You also may want to cross-post this to the WD ATP group: https://techcommunity.microsoft.com/t5/Threat-Intelligence/bd-p/WDATPActor