Description
We're introducing a new feature called 'Custom YARA signatures'. It'll be an Endpoint artifact (alongside Trusted applications, Endpoint exceptions, etc.), and it allows users to create, import and manage YARA rules and assign them globally or per policy in the same way as other Endpoint artifacts.
Additional notes/todos
Resources
Epic: https://github.com/elastic/security-team/issues/13807
Design: https://www.figma.com/design/NWxuevM1wyjK8DGkWegLX5/-9.5--YARA-Rules?node-id=1-87532&p=f&t=qwj43EQjUc5QSORR-0
Work is still in progress.
Which deployment methods does this change impact?
Elastic On-Prem and Cloud (all)
Feature differences
It'll be the same in all environments.
What Elastic Stack release is this request related to?
9.6
Serverless release
Synced with the 9.6 ESS release, as it's tied to the versioned Elastic Agent release
Collaboration model
The documentation team will create the first draft
Point of contact.
Main contact: @gergoabraham
Stakeholders: @raqueltabuyo @dasansol92