Hi All,
We are pleased to share with you that yesterday the NetWitness Threat Research and Intelligence Content team upload 518 YARA Rules to the NetWitness LIVE CMS. We posted that here and wanted to take a minute write up a short blog as well for your reference. The YARA Rules in question are here for your use at no cost as they have been sourced via Open-Source collection. These rules focus principally on malware/malicious code & content, threats, and threat actor/adversary operations. We have elected to share them with our internal and external costumers if you may be interested in advancing your own capabilities via the incorporation of more YARA Rules. These rules can be found within the NetWitness LIVE platform under the ‘COMMUNITY’ drop down menu.
We have posted thee rules in the 'COMMUNITY' section of NetWitness LIVE and wish to stress the following points about this content:
- These YARA rules have been made available to RSA NetWitness via a partnership agreement that allows us to share them in an 'as-is' state with you, our internal and external customers
- These YARA rules are not part of the official RSA NetWitness threat content corpus or our efforts related to the growth and maturity of that corpus. As such, they are out of scope of our processes and procedures and are not subject to our governance and/or guidelines for production-grade threat driven intelligence content.
- At the time of this writing, we have no plans for future enrichment, management, or curation of this content beyond what the partner in question provides to us.