We’ve updated the Script Library section to include YARA rules. I’ve made a quick video (sorry for the cheesy graphics...) on how to install a YARA rule from this site and perform your first scan!
Sticky
How to install a YARA rule with Veeam
+10
+21Thanks for sharing this, Rick. I was about to ask if you were going to do a “how to” video for installing the rules. 😋
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
+20Absolutely GREAT beginner ‘how-to’ vid on using these rules Rick. Thanks!
Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
+10Chris.Childerhose wrote:
Thanks for sharing this, Rick. I was about to ask if you were going to do a “how to” video for installing the rules. 😋
Hahaha that’s funny. But I think that screen that has the scan needs some explanation and people just need to use it.
Twitter @RickVanover | Email: rick.vanover@veeam.com
+10Oh and I didn’t want everyone to wait during the video, but here is the result of the scan:
Twitter @RickVanover | Email: rick.vanover@veeam.com
+20Personally, I don’t like how the date is formatted after choosing the dates...can be confusing. And yeah...how you choose it is odd, but makes sense. I think the wording on those 2 dates could be changed to be more descriptive, like “Start from (today)” instead of Start Date; and “End Date (until)”, or something similar for the ‘End Date’.
Hopefully folks will read up on what each option is used for.
Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
+20Rick Vanover wrote:
Oh and I didn’t want everyone to wait during the video, but here is the result of the scan:
Cool! I forgot about even seeing the results! 😂😆
Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
+21Rick Vanover wrote:
Chris.Childerhose wrote:
Thanks for sharing this, Rick. I was about to ask if you were going to do a “how to” video for installing the rules. 😋
Hahaha that’s funny. But I think that screen that has the scan needs some explanation and people just need to use it.
Yeah, going to take some getting used to for sure. Going to play in the homelab with these sample rules.
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
1 person likes this
+22Excellent video and will really help everyone just starting out with Yara scans!
VMCA2024, VMCE2023, VMCE2024-SP,CKA, LFCS, PCA,TARS
+21Got them installed in the lab and testing. Very interesting for sure.
Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
Thanks for the video. Will there be an option later to run multiple YARA rules at the same time?
1 person likes this
+10Mike Edwards wrote:
Thanks for the video. Will there be an option later to run multiple YARA rules at the same time?
Mike Edwards wrote:
Thanks for the video. Will there be an option later to run multiple YARA rules at the same time?
Hi Mike - it is not implemented currently (nor scan on multiple images). Both are feature requests on our side/internally.
Twitter @RickVanover | Email: rick.vanover@veeam.com
+10Mike Edwards wrote:
Thanks for the video. Will there be an option later to run multiple YARA rules at the same time?
Oh and welcome to the Veeam Community
Twitter @RickVanover | Email: rick.vanover@veeam.com
Comment
Rich Text Editor, editor1
Editor toolbars
Press ALT 0 for help
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.