
YARA - File Scan

This Playbook is part of the Yara Pack.

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

A playbook that runs a YARA scan against an uploaded file. To run the playbook, provide the YARA rule content and the entry ID of the file you intend to scan.

Scripts

  • YaraScan

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| EntryID | The entry ID of a file to scan | File.EntryID | Optional |
| YARA | The YARA rule content | | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| Yara | The Yara context path | unknown |
| Yara.Filename | The filename of the file that was scanned. | string |
| Yara.HasError | Whether there was an error when performing the scan. | boolean |
| Yara.HasMatch | Whether the file matched any of the rules. | boolean |
| Yara.entryID | The entry ID of the scanned file. | string |
| Yara.fileID | The file ID of the scanned file. | string |
| Yara.MatchCount | The number of rules that matched the file. | number |
| Errors | A list of errors that occurred during the scan. | unknown |
| Matches | The matches from the YARA scan. | unknown |
| Matches.Meta | Metadata about the rule (as defined in the rule itself). | unknown |
| Matches.Namespace | The namespace defined in the rule. | string |
| Matches.RuleName | The rule name that matched. | string |
| Matches.Strings | A list of strings that the rule matched. | string |
| Matches.Tags | A list of tags that are defined in the rule. | unknown |
