Closed kfir206 closed 1 month ago
The goal for YARA-X is building the scanning engine and a basic command-line tool; a full-fledged, Windows-specific scanning service is outside the scope of this project. This sounds like an interesting project, but it's too specific.
And what about the logs output to event viewer?
Same thing, that's a Windows-specific thing. I don't plan to write a Windows service, and sending the output for the command-line tool to the event viewer doesn't make too much sense. Sending to the event viewer makes sense when you have a long-running service in a Windows machine.
And an option for a central log? Or even writing to a local file with a classification of detections/errors... Today, using YARA's command-line output as logs is horrible.
I have a plan for providing a JSON structured output with the results of the scan. That output could be written to a file.
Great
Kfir Ozeri | Cyber Security Engineer Team Leader | +972-508117000 | www.CyRay.io
Hi, so happy about this YARA-X update. We developed a layer on top of YARA that runs YARA scans of multiple files on Windows automatically with our exe. It has been distributed to over 170K machines so far, so we have experience with the tool.
My request:
2. Run as a service and read new YARA rule files from a specific directory like SYSVOL or a Git repo.
I'm available here if it helps: kfiro@cyray.io, +972508117000
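Since the maintainer is keeping the service, event-log and central-log pieces out of YARA-X, here is one way to build them around the `yr` command line instead. This is an added example written for this thread; it is not code from the YARA-X project or from either participant. It assumes the `yr` binary is on PATH, that `yr scan` prints one `<rule_identifier> <file_path>` line per match on stdout (as classic yara does) with diagnostics on stderr, that the directory paths and the `YaraXScan` event source are placeholders, and that it runs under Windows PowerShell 5.1, where `Write-EventLog` exists. It does the three things asked for above in the caller's own code: it re-reads the rules directory on every cycle so a newly dropped `.yar` file is picked up, writes one JSON line per detection or error to a local file, and mirrors each record to the Application event log with a distinct event ID per classification.

```powershell
# Added example, not part of YARA-X: a long-running wrapper around the yr CLI.
# Assumptions (not from the thread): yr is on PATH; `yr scan` prints one
# "<rule_identifier> <file_path>" line per match on stdout and diagnostics on
# stderr; the paths below are placeholders; Windows PowerShell 5.1 (Write-EventLog).
param(
    [string]$RulesDir        = 'C:\ProgramData\YaraX\rules',   # Git checkout or SYSVOL share
    [string]$ScanRoot        = 'C:\Users',
    [string]$LogFile         = 'C:\ProgramData\YaraX\scan.jsonl',
    [string]$EventSource     = 'YaraXScan',
    [int]   $IntervalSeconds = 3600
)

# Registering the event source needs elevation, but only the first time.
if (-not [System.Diagnostics.EventLog]::SourceExists($EventSource)) {
    New-EventLog -LogName Application -Source $EventSource
}

function Write-ScanRecord {
    param([string]$Kind, [string]$Rule, [string]$Path, [string]$Message)
    $record = [ordered]@{
        time    = (Get-Date).ToString('o')
        host    = $env:COMPUTERNAME
        kind    = $Kind          # 'detection' or 'error'
        rule    = $Rule
        path    = $Path
        message = $Message
    }
    # One JSON object per line, so a log shipper can forward the file to a central collector.
    Add-Content -Path $LogFile -Encoding UTF8 -Value ($record | ConvertTo-Json -Compress)
    # Distinct event IDs and levels let Event Viewer filters separate detections from errors.
    if ($Kind -eq 'detection') {
        Write-EventLog -LogName Application -Source $EventSource -EntryType Warning `
            -EventId 1001 -Message "YARA match: rule=$Rule path=$Path"
    } else {
        Write-EventLog -LogName Application -Source $EventSource -EntryType Error `
            -EventId 1002 -Message "YARA scan error: $Message (path=$Path)"
    }
}

function Invoke-ScanCycle {
    # Re-read the rules directory every cycle: a new .yar file dropped there
    # (e.g. by a Git pull or SYSVOL replication) is used without a restart.
    $ruleFiles = @(Get-ChildItem -Path $RulesDir -Filter '*.yar' -File |
                   Select-Object -ExpandProperty FullName)
    if ($ruleFiles.Count -eq 0) {
        Write-ScanRecord -Kind 'error' -Rule '' -Path $RulesDir -Message 'no rule files found'
        return
    }
    $stderrFile = [System.IO.Path]::GetTempFileName()
    # Splatting the array passes each rule file as its own argument; PowerShell quotes paths with spaces.
    $matchLines = & yr scan @ruleFiles $ScanRoot 2>$stderrFile
    $exitCode = $LASTEXITCODE
    foreach ($line in @($matchLines)) {
        # Split on the first space only: the file path itself may contain spaces.
        $parts = "$line" -split ' ', 2
        if ($parts.Count -eq 2) {
            Write-ScanRecord -Kind 'detection' -Rule $parts[0] -Path $parts[1] -Message ''
        }
    }
    foreach ($line in @(Get-Content -Path $stderrFile)) {
        if ("$line".Trim()) {
            Write-ScanRecord -Kind 'error' -Rule '' -Path $ScanRoot -Message "$line"
        }
    }
    if ($exitCode -ne 0) {
        Write-ScanRecord -Kind 'error' -Rule '' -Path $ScanRoot -Message "yr exited with code $exitCode"
    }
    Remove-Item -Path $stderrFile -ErrorAction SilentlyContinue
}

# Run forever; host it with Task Scheduler ("at startup") or a service wrapper.
while ($true) {
    Invoke-ScanCycle
    Start-Sleep -Seconds $IntervalSeconds
}
```

Run it once elevated so the event source gets registered, then host it as a startup task or under a service wrapper; the loop is what makes event-log output meaningful here, which is the maintainer's point above. The stdout parsing is the fragile part: once YARA-X ships the planned JSON output, the `-split` step should be replaced by reading that structured output directly. On PowerShell 7, where `Write-EventLog` is gone, use `[System.Diagnostics.EventLog]::WriteEntry($EventSource, $msg, $type, $id)` in its place.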