YARA Rule Authoring

When to Use

• Writing YARA rules to detect malware samples or families
• Creating detection signatures for indicators of compromise (IOCs)
• Scanning files or directories for known threat patterns
• Building threat hunting rules from intelligence reports
• Classifying unknown samples based on behavioral or structural patterns

When NOT to Use

• Dynamic malware analysis (use sandbox environments)
• Network traffic analysis (use Suricata/Snort rules)
• Static analysis of source code (use Semgrep/CodeQL)

Rule Template