Admin Guide
Configuration
Permissions
Package (synapse-yara) defines the following permissions:
power-ups.yara.user : Controls user access to Synapse-Yara. ( default: false )
You may add rules to users/roles directly from storm:
> auth.user.addrule visi power-ups.yara.user
Added rule power-ups.yara.user to user visi.
or:
> auth.role.addrule ninjas power-ups.yara.user
Added rule power-ups.yara.user to role ninjas.
Exported APIs
Synapse-Yara does not currently export any APIs.
Workflows
Synapse-Yara provides the following workflows in Optic:
Title: Rules and matches
Node Actions
Synapse-Yara does not provide any node actions in Optic.
Onload Events
Synapse-Yara uses an onload
event to add a Storm Dmon to ingest Yara grid tasks. This allows for background
processing of Yara matches.