# Malware Detection
The Swimlane Malware Detection connector provides basic tools to aid in malware detection capabilities.

## Capabilities

This connector provides the following capabilities:

- Swimlane Malware Detection: YARA Check

## Tasks Setup

To run the YARA scan task, you must write a [YARA rule](https://yara.readthedocs.io/en/stable/), which can either be sent to the integration as a file or as a string.

Example rule:

```yara
rule silent_banker : banker
{
    meta:
        description = "This is just an example"
        threat_level = 3
        in_the_wild = true

    strings:
        $a = {6A 40 68 00 30 00 00 6A 14 8D 91}
        $b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}
        $c = "UVODFRYSIHLNWPEJXQZAKCBGMT"

    condition:
        $a or $b or $c
}
```

## Actions

### Swimlane Malware Detection: YARA Check

Swimlane connector with general malware detection tools. Scan strings or files using a YARA rule.

#### Input

| Argument Name   | Type   | Required | Description                                         |
|-----------------|--------|----------|-----------------------------------------------------|
| yara_rule       | string | required | Either a file or a string containing a YARA rule    |
| suspicious_data | string | required | File or string of suspicious data                   |

#### Output

| Parameter  | Type    | Description             |
|------------|---------|-------------------------|
| matches    | array   | Output field matches    |
| rule       | string  | Output field rule       |
| namespace  | string  | Name of the resource    |
| strings    | array   | Output field strings    |
| tags       | array   | Output field tags       |
| meta       | string  | Output field meta       |
| no_results | boolean | Result of the operation |
| no_matches | boolean | Output field no_matches |

#### Example

```json
[
  {
    "matches": [
      {}
    ],
    "no_matches": true
  }
]
```
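To make the rule structure and the output fields above concrete, here is an added worked example that is not part of the connector or of YARA itself: a small Python scanner that parses the `silent_banker` rule shown on this page (plain hex strings, text strings, `meta`, tags and an `and`/`or`/`not` condition only; no wildcards, jumps, modifiers or string counts), scans a blob of bytes, and builds a result record whose keys mirror the connector's output table (`matches`, `rule`, `namespace`, `strings`, `tags`, `meta`, `no_matches`). The `namespace` value `"default"` and the two sample data blobs are assumptions constructed for the example; in production you would use the real `yara` library rather than this subset parser.

```python
"""Toy YARA-subset scanner (illustrative only; not yara-python and not the connector's code)."""
import re
from dataclasses import dataclass
from pathlib import Path

# The silent_banker example rule from the page / YARA docs, embedded as a string.
RULE_TEXT = r'''
rule silent_banker : banker
{
    meta:
        description = "This is just an example"
        threat_level = 3
        in_the_wild = true

    strings:
        $a = {6A 40 68 00 30 00 00 6A 14 8D 91}
        $b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}
        $c = "UVODFRYSIHLNWPEJXQZAKCBGMT"

    condition:
        $a or $b or $c
}
'''

# Constructed sample data (not real malware): one benign blob, one that carries $a and $c.
CLEAN_SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
SUSPICIOUS_SAMPLE = (b"\x90\x90"
                     + bytes.fromhex("6A 40 68 00 30 00 00 6A 14 8D 91")
                     + b" UVODFRYSIHLNWPEJXQZAKCBGMT")

RULE_HEADER = re.compile(r'rule\s+(\w+)\s*(?::\s*([\w\s]+?))?\s*\{')
META_LINE = re.compile(r'(\w+)\s*=\s*(".*?"|\d+|true|false)')
HEX_STRING = re.compile(r'\$(\w+)\s*=\s*\{([0-9A-Fa-f\s]+)\}')   # plain hex bytes only
TEXT_STRING = re.compile(r'\$(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"')


@dataclass
class Rule:
    name: str
    tags: list
    meta: dict
    strings: dict      # identifier (without '$') -> bytes pattern
    condition: str


def parse_rule(text: str) -> Rule:
    """Parse the supported YARA subset into a Rule."""
    header = RULE_HEADER.search(text)
    if not header:
        raise ValueError("no rule header found")
    name, tags = header.group(1), (header.group(2) or "").split()

    def section(label: str) -> str:
        # Body of a 'meta:', 'strings:' or 'condition:' section, up to the next section or closing brace.
        m = re.search(label + r':(.*?)(?=\n\s*(?:meta|strings|condition):|\}\s*$)', text, re.S)
        return m.group(1) if m else ""

    meta = {}
    for key, raw in META_LINE.findall(section("meta")):
        meta[key] = raw[1:-1] if raw.startswith('"') else (raw == "true" if raw in ("true", "false") else int(raw))
    strings = {}
    body = section("strings")
    for ident, hexbody in HEX_STRING.findall(body):
        strings[ident] = bytes.fromhex("".join(hexbody.split()))
    for ident, literal in TEXT_STRING.findall(body):
        strings[ident] = literal.encode()
    return Rule(name, tags, meta, strings, section("condition").strip())


def evaluate(condition: str, found: dict) -> bool:
    """Evaluate '$x', 'and', 'or', 'not' and parentheses without eval(); found maps identifier -> offsets."""
    tokens = re.findall(r'\(|\)|\$\w+|and|or|not', condition)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def expr():                       # or-level (lowest precedence)
        value = term()
        while peek() == "or":
            take()
            rhs = term()              # always evaluate, so token position stays consistent
            value = value or rhs
        return value

    def term():                       # and-level
        value = factor()
        while peek() == "and":
            take()
            rhs = factor()
            value = value and rhs
        return value

    def factor():
        tok = take()
        if tok == "not":
            return not factor()
        if tok == "(":
            value = expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses")
            return value
        if tok and tok.startswith("$"):
            return tok[1:] in found
        raise ValueError(f"unexpected token {tok!r}")

    result = expr()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return result


def scan(rule: Rule, data: bytes) -> dict:
    """Scan one blob and return a connector-style record (field names from the output table)."""
    found = {}
    for ident, pattern in rule.strings.items():
        offsets = [m.start() for m in re.finditer(re.escape(pattern), data)]
        if offsets:
            found[ident] = offsets
    if not evaluate(rule.condition, found):
        return {"matches": [], "no_matches": True}
    match = {"rule": rule.name, "namespace": "default",   # "default" is an assumption
             "tags": rule.tags, "meta": rule.meta,
             "strings": [{"identifier": "$" + i, "offsets": o} for i, o in found.items()]}
    return {"matches": [match], "no_matches": False}


def scan_source(rule: Rule, source) -> dict:
    """Accept a Path (file input) or str/bytes (string input), mirroring the task's two input forms."""
    data = source.read_bytes() if isinstance(source, Path) else (
        source if isinstance(source, bytes) else source.encode())
    return scan(rule, data)


if __name__ == "__main__":
    r = parse_rule(RULE_TEXT)
    print(scan(r, CLEAN_SAMPLE))
    print(scan(r, SUSPICIOUS_SAMPLE))
```

Running the block prints a `no_matches: true` record for the benign blob and a single match for the constructed one, listing `$a` at offset 2 and `$c` at offset 14 with the rule's tags and meta attached; that is the same information the connector surfaces through `rule`, `strings`, `tags` and `meta` per match. Non-overlapping matches are counted only once, and the hex pattern `$b` is simply absent from the `strings` list when it does not occur.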