Closed Hestat closed 6 years ago
I ran into the same issue, and the only workaround I found was to hard-code the rule path into the Python file for the Yara analyzer, yara_analyzer.py.
Just to make sure: you've updated the analyzer config accordingly in the Cortex UI? Just took a look at the code and cannot find a mistake at first glance.
I have updated them in the UI in several different manners, and none seem to work. Ex.:
"/usr/local/src/rules/Webshells_index.yar","/usr/local/src/lw-yara/lw-rules_index.yar","/usr/local/src/rules/malware_index.yar", "/usr/local/src/rules/Exploit-Kits_index.yar"
and just
/usr/local/src/rules/Webshells_index.yar
to see if one works.
Confirmed, fix will be merged with Hotfix 1.9.7.
Request Type
Bug
Work Environment
Description
After updating from Cortex v 1.1 to 2.0, Yara no longer gives back hits. I can run the Yara analyzer for things that previously returned positive hits, and it no longer triggers a detection.
Complementary information
Can't find anything useful in the logs, and no error messages are returned. Perhaps my rule path is somehow not being processed?