Include yara testing

[henimerze]

Will be amazing if it is possible to enable yara testing on a specified folder of files and send the results to the owner via email or just notify when it is done processing.

[Taskr]

Hi @henimerze! Thanks for your interest in YaraGuardian. Just so I understand the request clearly, do you mean adding the ability to submit and scan files against the repository rules and then receive a report/notification of results once the scanning is complete?

[henimerze]

Hi Adam, No, I am actually thinking about submitting the actual yara rule for testing (or just adding a ‘test this yara rule’ button somewhere in the yara management) so that when clicked the rule will be checked against a folder of files (clean or malicious) and the list of files the rule hit will be displayed or emailed to the owner. but what you mentioned is also a good feature to have too :) On Aug 2, 2017, at 4:09 PM, Adam Trask <[email protected]<mailto:[email protected]>> wrote: Hi @henimerze<https://github.com/henimerze>! Thanks for your interest in YaraGuardian. Just so I understand the request clearly, do you mean adding the ability to submit and scan files against the repository rules and then receive a report/notification of results once the scanning is complete? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#33 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ANWEQTUeNf4ppubcPtMiAxalOKOadQWpks5sUNeBgaJpZM4OriaM>.

[Taskr]

Ah okay, now I understand. Essentially you want a way to test rules for false positives when scanned against a "clean" folder / set of files and/or verify it has some detection capability against a "malicious" folder / set of files. That sounds like a pretty useful feature. Will add to enhancement path.

[henimerze]

Exactly. Thank you for the hard work. You have done a great work .

…

-------- Original message -------- From: Adam Trask <[email protected]> Date: 8/2/17 4:45 PM (GMT-05:00) To: PUNCH-Cyber/YaraGuardian <[email protected]> Cc: henimerze <[email protected]>, Mention <[email protected]> Subject: Re: [PUNCH-Cyber/YaraGuardian] Include yara testing (#33) Ah okay, now I understand. Essentially you want a way to test rules for false positives when scanned against a "clean" folder / set of files and/or verify it has some detection capability against a "malicious" folder / set of files. That sounds like a pretty useful feature. Will add to enhancement path. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#33 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ANWEQQxN17bl0RC-zchBuGSIn3gg_ZV-ks5sUN-wgaJpZM4OriaM>.