What are some YARA rules we should add as system rules?

Currently we have a select few rules that are generalized for all organizations. Are there any extra rules that we should add?

System rules are meant to be able to be turned on for the majority of organizations. They aren’t meant to always be a definitive “this is good or bad,” but they should be able to give a quick insight into some attribute of the email. Most of our current system rules aren’t definitive, but if you see a financial and an urgency tag on an email, you may want to take a closer look!

An example of a suggested system rule could be “We plan on adding a bitcoin address finder.” This rule will look for any emails that have a bitcoin address in them. While having a bitcoin address doesn’t mean an email is definitively bad, unless you deal with them on a consistent basis you should definitely be wary!

Do keep in mind these have to be generalized for most organizations to be able to just set and forget!
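One way the suggested bitcoin address finder could be written, as an added example that is not from the original post and not an existing system rule, is a YARA rule that matches the two common address shapes: legacy Base58 addresses (starting with 1 or 3) and native SegWit Bech32/Bech32m addresses (starting with bc1). The rule name and meta fields are assumptions chosen for illustration.

```yara
rule Bitcoin_Address_Present
{
    meta:
        description = "Flags emails containing a string shaped like a Bitcoin address. Informational signal, not a verdict."
        note = "Added example rule, not part of the original post"

    strings:
        // Legacy P2PKH (leading 1) and P2SH (leading 3): 26-35 chars total from the
        // Base58 alphabet, which excludes 0, O, I and l. Word boundaries keep the
        // pattern from matching inside longer tokens such as URLs or hashes.
        $legacy = /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/

        // Native SegWit: "bc1" followed by 39-59 chars from the Bech32 alphabet
        // (qpzry9x8gf2tvdw0s3jn54khce6mua7l, i.e. no 1, b, i or o).
        // Covers P2WPKH (42 chars), P2WSH and Taproot (62 chars).
        $bech32 = /\bbc1[ac-hj-np-z02-9]{39,59}\b/ nocase

    condition:
        any of them
}
```

The legacy pattern is the noisier of the two: any 26-35 character Base58 string starting with 1 or 3 will match, and YARA's regex engine cannot verify the Base58Check checksum that a real address carries, so expect some false positives on things like shortened IDs or tracking tokens. Treat a hit the way the post describes the other system rules: as an attribute worth a second look, especially when it lands alongside a financial or urgency tag, rather than as a standalone block decision.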

