Submit YARA and behavioral rule files

Upload a custom YARA or behavioral rule file.

Resource URL

POST https://<MATD_IP>/php/contentUpdate.php

Specify these HTTP headers in the resource URL request:

  • Accept: application/vnd.ve.v1.0+json
  • VE-SDK-API: Base64 encoded "session:user id" string

Input parameters

Input key Input value Description
command customYaraUpload Indicates that the API accepts input files.
ftype customYaraScanner The input file is a custom YARA file.
customBehaviorRule The input file is a custom behavior rule file.
contentFile In read mode, opens the input yara file on the local machine. Indicates the path to the YARA file on local machine.
Note: The input file must be a .yara extension.

Output parameters

Input key Input value Description
success
  • true
  • false
true indicates that the YARA or behavior rule file is valid and accepted.
message The API call success or failure message description.

Custom behavior rule file upload example

Input

Clients send the sample input stream to the contentUpdate.php. An example in Python:
postdata = {"command":"customYaraUpload", "ftype":" customBehaviorRule"}
file_up = {'contentFile': open(‘/root/custBehavior.yara’, 'r')}
file_upload_req =requests.post(url,postdata,files=file_up,headers=headers,verify=False)

Output

{"success": "true", "message":"Custom Behavioral Rules uploaded successfully."}

Custom YARA file upload example

Input

Client sends the sample input stream to the contentUpdate.php. An example in Python:
postdata = {"command":"customYaraUpload", "ftype":" customYaraScanner"}
file_up = {'contentFile': open(‘/root/aliceYaraFile.yara’, 'r')}
file_upload_req =requests.post(url,postdata,files=file_up,headers=headers,verify=False)

Output

{"success": "true", "message":"Custom YARA Scanner Rules uploaded successfully."}