YARA rules
File scanning on artifacts and agents.
2 rules, 2 enabled, 1 recent match
| Name | Severity | Status | MITRE | Action |
|---|---|---|---|---|
| EICAR test file: Standard antivirus test string (harmless). | medium | on sim | T1204 | |
| PowerShell dropper patterns: Encoded command and download cradle indicators. | high | on | T1059.001 | |
Recent matches (1)
| Rule | File | Alert | Date |
|---|---|---|---|
| PowerShell dropper patterns | /tmp/suspicious.ps1 | #3 | 09/06/2026 00:56 |