With YARA being new for a majority of people outside of malware analysis or cybersecurity, it would be beneficial to enable functionality that makes writing the rules easier. This would be similar to the "sort inbox by <criteria>" that's clickable from the first page of message details, but instead it would start up a "YARA Rule Wizard" that asks you for some basic information and creates a rule to use in an Action.
Alternatively, there could be a "Create Action from Message", similar to how you can create a rule in Outlook from any message; the result would be a new action with a fully formatted YARA rule ready to test/deploy.