The table of user-defined YARA rules contains information about YARA rules that are used to scan files and objects and to create alerts; the table is displayed in the Custom rules section, YARA subsection of the application web interface window.
The table contains the following information:
Created is the rule creation time.
—Alert importance for the Kaspersky Anti Targeted Attack Platform user depending on the impact this alert may have on computer or corporate LAN security based on Kaspersky experience.
By default, alerts generated by uploaded YARA rules are assigned a high level of importance.
Type is the type of the rule depending on the operating mode of the application and the role of the server which generated the rule:
Global—Created on the PCN server. These rules are used to scan files and objects received at the PCN server and all SCN servers connected to that PCN server. Scanned files and objects belong to the tenant which the user is managing in the application web interface.
Local—Created on the SCN server. These rules are used to scan files and objects received at the SCN server. Scanned files and objects belong to the tenant which the user is managing in the application web interface.
Name – name of the rule.
File name is the name of the file from which the rule was imported.
Created by is the name of the user whose account was used to import the rule.
Servers is the name of the server with the PCN or SCN role to which the rule applies.
Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.
Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).
Traffic scanning is the usage status of the rule when stream scanning files and objects arriving at the Central Node: