Importing YARA rules

To import YARA rules:

In the window of the program web interface, select the Custom rules section, YARA subsection.
Click Upload.
This opens the file selection window.
Select the YARA rule file that you want to upload and click Open.
This closes the file selection window and opens the Import YARA rules window.

The maximum allowed size of an uploaded file is 20 MB.

A report is displayed in the lower part of the window. The report contains the following information:
- The number of rules that can be successfully imported.
- The number of rules that will not be imported (if any).
  For each rule that cannot be imported, its name is listed.
Select the Traffic scanning check box if you want to use imported rules for streaming scans of objects and data received at the Central Node.
If necessary, enter any additional information in the Description field.
The Importance field cannot be edited. By default, alerts generated by uploaded YARA rules are assigned a high level of importance.
Under Apply to, select check boxes corresponding to servers on which you want to apply the rules. Servers whose check box is cleared are not scanned using the uploaded rules. If the check box in the row of the tenant (the first row in the list) is cleared, servers of this tenant added in the future will also not be scanned using the uploaded rules.
The Apply to group of settings is displayed only when you are using the distributed solution and multitenancy mode.

Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).
Click Save.

Imported rules are displayed in the table of YARA rules.