Admin Guide

Configuration

Package (synapse-yara) defines the following permissions:
power-ups.yara.user              : Controls user access to Synapse-Yara. ( default: false )

You may add rules to users/roles directly from storm:

> auth.user.addrule visi power-ups.yara.user
Added rule power-ups.yara.user to user visi.

or:

> auth.role.addrule ninjas power-ups.yara.user
Added rule power-ups.yara.user to role ninjas.

Synapse-Yara does not currently export any APIs.

Synapse-Yara provides the following workflows in Optic:

Title: Rules and matches

Synapse-Yara does not provide any node actions in Optic.

Synapse-Yara uses an onload event to add a Storm Dmon to ingest Yara grid tasks. This allows for background processing of Yara matches.