Forum Discussion
Is there a way to use or convert YARA rule to Sentinel KQL query for detections
I have noticed that most malware detections are released in YARA language and Sentinel does not have baked in support for YARA rule. Keen to understand how others are dealing with this situation.
related questions:
Do you guys know who keeps the best/current yara rules?
Which rules would you say have the most value? Identity? EDR?
I'd imagine it would be painful to use yara against low level logs like windows events unless they're specific events like powershell.
