AgentSkillsCN

YARA Rules Skill

Supports YARA rule creation, testing, and deployment

SKILL.md
---
name: YARA Rules Skill
description: YARA rule creation, testing, and deployment
allowed-tools:
  - Bash
  - Read
  - Write
  - Edit
  - Glob
  - Grep
---

YARA Rules Skill

Overview

This skill provides capabilities for YARA rule creation, testing, and deployment for malware detection and threat hunting.

Capabilities

  • Generate YARA rules from samples
  • Validate YARA rule syntax
  • Test rules against sample sets
  • Optimize rules for performance
  • Create rule metadata and documentation
  • Support YARA modules (PE, ELF, etc.)
  • Integrate with VirusTotal YARA
  • Generate Sigma rules for correlation

Target Processes

  • malware-analysis.js
  • threat-intelligence-research.js
  • security-tool-development.js

Dependencies

  • YARA CLI
  • yara-python library
  • VirusTotal API (optional)
  • Sample malware corpus (for testing)

Usage Context

This skill is essential for:

  • Malware detection rule development
  • Threat hunting operations
  • IOC-based detection
  • Malware family classification
  • Automated sample triage

Integration Notes

  • Rules can be tested against known-good and known-bad sample sets
  • Performance metrics help optimize detection speed
  • Supports rule versioning and documentation
  • Can export to multiple detection platforms
  • Integrates with YARA-L for Chronicle