YARA
Schema-driven detector documentation.
Status: active. 15 params, 9 examples.
Detector Metadata
Capability catalog entry from `all_detectors.json`.

Categories: THREAT, SECURITY
Supported Asset Types: TXT, TABLE, URL, BINARY
Recommended Model: yara-python

Notes
Uses security rules to identify known malware patterns or suspicious file content.
Parameters
Configuration parameters for the YARA detector. Shared from `ThreatDetectorConfig`.
| Parameter | Type | Required | Description | Default | Constraints |
|---|---|---|---|---|---|
| rules | array \| null | No | Rules to compile and run. When null or empty, no scan is performed. | null | — |
| timeout | integer | No | Maximum seconds to spend scanning a single asset before aborting. | 60 | — |
| confidence_threshold | number | No | Minimum confidence score to report a finding (0-1). YARA confidence is computed from match count. | 0.7 | min 0, max 1 |
| max_findings | integer \| null | No | Maximum number of findings to return per asset. | null | — |
| severity_threshold | enum \| null | No | Minimum severity level to include in results. Findings below this threshold are suppressed. | null | — |
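As an added example (not code from this detector or from `all_detectors.json`), the Python below shows how these five parameters would wrap a yara-python scan: null/empty `rules` skips the scan, `timeout` aborts it, and the three thresholds are applied to the resulting findings. The confidence formula (share of compiled rules that matched), the severity ordering and the `severity` rule-meta key are assumptions, since the page does not define them.

```python
from dataclasses import dataclass
from typing import Any, Dict, List, Optional

try:
    import yara  # yara-python; only needed by scan_asset()
except ImportError:
    yara = None

# Assumed severity ordering for severity_threshold; the page does not list the enum values.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass
class ThreatDetectorConfig:
    rules: Optional[List[str]] = None   # YARA rule sources; None or [] means no scan
    timeout: int = 60                   # seconds per asset before aborting
    confidence_threshold: float = 0.7   # 0..1
    max_findings: Optional[int] = None
    severity_threshold: Optional[str] = None


def confidence_from_matches(matched_rules: int, total_rules: int) -> float:
    """Assumed formula: share of compiled rules that fired, capped at 1.0."""
    return 0.0 if total_rules == 0 else min(1.0, matched_rules / total_rules)


def filter_findings(findings: List[Dict[str, Any]], cfg: ThreatDetectorConfig) -> List[Dict[str, Any]]:
    """Apply confidence_threshold, then severity_threshold, then max_findings."""
    kept = [f for f in findings if f["confidence"] >= cfg.confidence_threshold]
    if cfg.severity_threshold is not None:
        floor = SEVERITY_RANK[cfg.severity_threshold]
        kept = [f for f in kept if SEVERITY_RANK.get(f["severity"], 0) >= floor]
    # Highest severity first, so truncation by max_findings keeps the most important ones.
    kept.sort(key=lambda f: SEVERITY_RANK.get(f["severity"], 0), reverse=True)
    if cfg.max_findings is not None:
        kept = kept[: cfg.max_findings]
    return kept


def scan_asset(data: bytes, cfg: ThreatDetectorConfig) -> List[Dict[str, Any]]:
    """Compile cfg.rules, scan one asset under the timeout, then filter the findings."""
    if not cfg.rules:  # null or empty: no scan is performed
        return []
    compiled = yara.compile(sources={f"r{i}": src for i, src in enumerate(cfg.rules)})
    try:
        matches = compiled.match(data=data, timeout=cfg.timeout)
    except yara.TimeoutError:  # scan aborted; report nothing rather than a partial result
        return []
    conf = confidence_from_matches(len(matches), len(cfg.rules))
    findings = [{"rule": m.rule, "severity": m.meta.get("severity", "medium"),
                 "confidence": conf} for m in matches]
    return filter_findings(findings, cfg)
```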