# Malware Detection
The Swimlane Malware Detection connector provides basic tools to aid in malware detection capabilities.

This connector provides the following capabilities:

- Swimlane Malware Detection YARA Check

## Tasks Setup

To run the YARA Scan task, you must write a [YARA rule](https://yara.readthedocs.io/en/stable/), which can be sent to the integration either as a file or as a string.

Example rule:

```yara
rule silent_banker : banker
{
    meta:
        description = "This is just an example"
        threat_level = 3
        in_the_wild = true

    strings:
        $a = {6A 40 68 00 30 00 00 6A 14 8D 91}
        $b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}
        $c = "UVODFRYSIHLNWPEJXQZAKCBGMT"

    condition:
        $a or $b or $c
}
```

## Actions

### Swimlane Malware Detection YARA Check

Swimlane connector with general malware detection tools. Scan strings or files using a YARA rule.

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| yara_rule | string | required | Either a file or a string containing a YARA rule |
| suspicious_data | string | required | File or string of suspicious data |

Input example:

```json
{"yara_rule": "rule foo_bar {strings: $a = \"lmn\" condition: $a}", "suspicious_data": "lmn"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| matches | array | Output field matches |
| matches.rule | string | Output field matches.rule |
| matches.namespace | string | Name of the resource |
| matches.strings | array | Output field matches.strings |
| matches.tags | array | Output field matches.tags |
| matches.meta | string | Output field matches.meta |
| matches.no_results | boolean | Result of the operation |
| no_matches | boolean | Output field no_matches |

Output example:

```json
{"matches": [{"rule": "foo", "namespace": "default", "strings": [], "tags": [], "meta": "{}", "no_results": false}], "no_matches": true}
```

#### Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
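To show how the YARA Check action's two inputs turn into the output fields listed above, here is an added Python example (not the Swimlane connector's code, which wraps the real YARA engine): a deliberately minimal YARA-subset matcher that handles text strings, hex byte strings and `and`/`or` conditions, and returns the same field layout as the output table. The function names `parse_rule`, `evaluate` and `yara_check` are my own; the `strings` entries (offset plus identifier) are an assumed shape, since the page does not define them.

```python
import json
import re

# Added example, not the Swimlane connector's code: a minimal YARA-subset matcher
# (text and hex strings, "and"/"or" conditions; no wildcards, jumps, modifiers or
# parentheses) returning the connector's documented output fields.
STRING_RE = re.compile(r'(\$\w+)\s*=\s*(?:"([^"]*)"|\{([0-9A-Fa-f\s]+)\})')
HEAD_RE = re.compile(r'\s*rule\s+(\w+)\s*(?::\s*([\w\s]+?))?\s*\{')

def parse_rule(text):
    """Split one rule into name, tags, meta, string patterns (bytes) and condition."""
    head = HEAD_RE.match(text)
    if not head:
        raise ValueError("not a YARA rule")
    body = text[head.end():text.rfind("}")]

    def section(key):  # body of the meta:/strings:/condition: block, "" if absent
        m = re.search(r"\b" + key + r"\s*:(.*?)(?=\b(?:meta|strings|condition)\s*:|$)",
                      body, re.S)
        return m.group(1).strip() if m else ""

    strings = {}
    for ident, txt, hexs in STRING_RE.findall(section("strings")):
        strings[ident] = txt.encode() if txt else bytes.fromhex("".join(hexs.split()))
    return {"name": head.group(1), "tags": (head.group(2) or "").split(),
            "meta": dict(re.findall(r'(\w+)\s*=\s*("[^"]*"|\S+)', section("meta"))),
            "strings": strings, "condition": " ".join(section("condition").split())}

def evaluate(condition, found):
    """$identifiers joined by 'and'/'or'; 'and' binds tighter than 'or'."""
    return any(all(found.get(term, False) for term in clause.split(" and "))
               for clause in condition.split(" or "))

def yara_check(yara_rule, suspicious_data):
    """Scan suspicious_data (str or bytes) with one rule; return connector-style result."""
    rule = parse_rule(yara_rule)
    data = suspicious_data.encode() if isinstance(suspicious_data, str) else suspicious_data
    hits = []  # every located occurrence of every string: offset and identifier
    for ident, pattern in rule["strings"].items():
        hits += [{"offset": m.start(), "identifier": ident}
                 for m in re.finditer(re.escape(pattern), data)]
    matches = []
    if evaluate(rule["condition"], {h["identifier"]: True for h in hits}):
        matches.append({"rule": rule["name"], "namespace": "default", "strings": hits,
                        "tags": rule["tags"], "meta": json.dumps(rule["meta"]),
                        "no_results": False})
    return {"matches": matches, "no_matches": not matches}
```

Running the page's own input example, `yara_check('rule foo_bar {strings: $a = "lmn" condition: $a}', "lmn")`, yields a single match for `foo_bar` at offset 0 with `no_matches` false; the same rule against data that lacks `lmn` yields an empty `matches` list and `no_matches` true.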