all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Effective YARA rule search at scale?

Add to bookmarks
Dec. 27, 2023, 9:23 a.m. | /u/Consistent-Music-471

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Hi all,

I want to hear about your solutions for querying YARA search at scale (1000+ endpoints, many rules at a time, scheduled)

Things I’ve tried:
- Creating a script through our EDR to scan a small set of rules (works slowly, limited to 50 endpoints, ran manually)
- Same process with Powershell Remoteing

Any other suggestions? Maybe there’s an endpoint agent that offers that?

Thank you!

blueteamsec edr endpoints powershell process rules scale scan script search solutions things yara yara rule

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts 1 day, 2 hours ago | www.reddit.com
blueteamsec dmarc exploit north +5
Investigating Microsoft Graph Activity Logs 1 day, 4 hours ago | www.reddit.com
blueteamsec graph logs microsoft
New Ivanti vulnerability 1 day, 4 hours ago | www.reddit.com
blueteamsec can cvss ivanti +4
How an empty S3 bucket can make your AWS bill explode - "As it turns … 1 day, 14 hours ago | www.reddit.com
aws backups bill blueteamsec +9
Any tips for doing a living off the land threat hunt on your own computer? 1 day, 20 hours ago | www.reddit.com
blueteamsec clients computer computers +18
Sodinokibi/REvil Affiliate Sentenced for Role in $700M Ransomware Scheme 1 day, 22 hours ago | www.reddit.com
affiliate blueteamsec ransomware revil +3
A Summary of 6 Months Tracking AiTM Campaigns 2 days, 8 hours ago | www.reddit.com
aitm blueteamsec campaigns tracking
Unpacking with Windows Defender 2 days, 14 hours ago | www.reddit.com
blueteamsec defender unpacking windows +1
National Security Memorandum on Critical Infrastructure Security and Resilience | The White House 2 days, 14 hours ago | www.reddit.com
blueteamsec critical critical infrastructure house +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Financial Crimes Compliance - Senior - Consulting - Location Open

@ EY | New York City, US, 10001-8604
View on infosec-jobs.com

Software Engineer - Cloud Security

@ Neo4j | Malmö
View on infosec-jobs.com

Security Consultant

@ LRQA | Singapore, Singapore, SG, 119963
View on infosec-jobs.com

Identity Governance Consultant

@ Allianz | Sydney, NSW, AU, 2000
View on infosec-jobs.com

Educator, Cybersecurity

@ Brain Station | Toronto
View on infosec-jobs.com

Principal Security Engineer

@ Hippocratic AI | Palo Alto
View on infosec-jobs.com
View more jobs