{
  "name": "Yara",
  "author": "Nils Kuhnert, CERT-Bund; Fabien Bloume, StrangeBee",
  "license": "AGPL-V3",
  "url": "https://github.com/BSI-CERT-Bund/cortex-analyzers",
  "version": "3.0",
  "description": "Check files against YARA rules, either from local filesystem or from one or multiple GitHub repositories. NOTE: Performance & execution time may be much longer according to the number of rules checked.",
  "dataTypeList": ["file"],
  "command": "Yara/yara_analyzer.py",
  "baseConfig": "Yara",
  "configurationItems": [
    {
      "name": "rules",
      "description": "Define the path rules folder",
      "type": "string",
      "multi": true,
      "required": false
    },
    {
      "name": "github_urls",
      "description": "GitHub URLs to get rules from. Expected format: https://github.com/owner/repo/tree/main or https://github.com/owner/repo/tree/main/subdir",
      "type": "string",
      "multi": true,
      "required": false
    },
    {
      "name": "github_token",
      "description": "GitHub Private Access Token",
      "type": "string",
      "multi": false,
      "required": false
    },
    {
      "name": "files_limit",
      "description": "Enforce a limit on the number of YARA files downloaded or tested against the file. Adjust with care as this may impact analysis time and resources on your Cortex instance.",
      "type": "number",
      "multi": false,
      "required": false,
      "defaultValue": 400
    }
  ],
  "registration_required": false,
  "subscription_required": false,
  "free_subscription": true,
  "integration_type": "local",
  "service_homepage": "https://virustotal.github.io/yara/"
}