---
name: YARA Rules Skill
description: YARA rule creation, testing, and deployment
allowed-tools:
  - Bash
  - Read
  - Write
  - Edit
  - Glob
  - Grep
---

# YARA Rules Skill

## Overview

This skill provides capabilities for YARA rule creation, testing, and deployment for malware detection and threat hunting.

## Capabilities

- Generate YARA rules from samples
- Validate YARA rule syntax
- Test rules against sample sets
- Optimize rules for performance
- Create rule metadata and documentation
- Support YARA modules (PE, ELF, etc.)
- Integrate with VirusTotal YARA
- Generate Sigma rules for correlation

## Target Processes

- malware-analysis.js
- threat-intelligence-research.js
- security-tool-development.js

## Dependencies

- YARA CLI
- yara-python library
- VirusTotal API (optional)
- Sample malware corpus (for testing)

## Usage Context

This skill is essential for:
- Malware detection rule development
- Threat hunting operations
- IOC-based detection
- Malware family classification
- Automated sample triage

## Integration Notes

- Rules can be tested against known good/bad samples
- Performance metrics help optimize detection speed
- Supports rule versioning and documentation
- Can export to multiple detection platforms
- Integrates with YARA-L for Chronicle