create_triage_rule
Define a custom triage rule (for example, a YARA rule that scans the filesystem) and make it available for targeted forensic analysis and incident response workflows in a Binalyze AIR environment.
Instructions
Create a new triage rule
Input Schema
Name | Required | Description | Default |
---|---|---|---|
description | Yes | A descriptive name for the triage rule | |
engine | Yes | Rule engine to use, e.g., "yara" | |
organizationIds | No | Organization IDs (strings or numbers) to associate with this rule | [0] |
rule | Yes | The YARA rule content | |
searchIn | Yes | Where to search, e.g., "filesystem" | |
Input Schema (JSON Schema)
```json
{
"properties": {
"description": {
"description": "A descriptive name for the triage rule",
"type": "string"
},
"engine": {
"description": "Rule engine to use, e.g., \"yara\"",
"type": "string"
},
"organizationIds": {
"description": "Organization IDs to associate with this rule. Defaults to [0]",
"items": {
"oneOf": [
{
"type": "string"
},
{
"type": "number"
}
]
},
"type": "array"
},
"rule": {
"description": "The YARA rule content",
"type": "string"
},
"searchIn": {
"description": "Where to search, e.g., \"filesystem\"",
"type": "string"
}
},
"required": [
"description",
"rule",
"searchIn",
"engine"
],
"type": "object"
}
```
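A worked example of assembling and checking the arguments for this tool, added here as illustration; it is not code from Binalyze AIR or its MCP server. It embeds the schema above, validates a payload against the subset of JSON Schema that schema actually uses (`type`, `required`, array `items` with `oneOf`), runs a cheap sanity check on the YARA text before it is sent, and serialises the result so the multi-line rule is escaped by the JSON encoder rather than by hand. The function names, the `looks_like_yara` heuristic and the sample webshell rule are constructed for this example; `engine` and `searchIn` use the values the page itself gives (`"yara"`, `"filesystem"`). How the payload reaches the tool (the MCP transport) is not described on this page and is not shown.

```python
import json
import re

# Copied from the tool's input schema above (descriptions dropped).
TRIAGE_RULE_SCHEMA = {
    "properties": {
        "description": {"type": "string"},
        "engine": {"type": "string"},
        "organizationIds": {
            "items": {"oneOf": [{"type": "string"}, {"type": "number"}]},
            "type": "array",
        },
        "rule": {"type": "string"},
        "searchIn": {"type": "string"},
    },
    "required": ["description", "rule", "searchIn", "engine"],
    "type": "object",
}

_JSON_TYPES = {"string": str, "number": (int, float), "array": list, "object": dict}


def _matches_type(value, json_type):
    # bool is a subclass of int in Python, but JSON Schema "number" excludes it.
    if isinstance(value, bool):
        return False
    return isinstance(value, _JSON_TYPES[json_type])


def validate_payload(payload, schema=TRIAGE_RULE_SCHEMA):
    """Return a list of problems; an empty list means the payload satisfies
    the schema (type, required, and array items constrained by oneOf).
    Unknown keys are ignored, as JSON Schema does by default."""
    if not _matches_type(payload, schema["type"]):
        return ["payload is not an object"]
    problems = [f"missing required field: {k}" for k in schema["required"] if k not in payload]
    for key, value in payload.items():
        spec = schema["properties"].get(key)
        if spec is None:
            continue
        if not _matches_type(value, spec["type"]):
            problems.append(f"{key}: expected {spec['type']}")
            continue
        if spec["type"] == "array":
            options = spec["items"]["oneOf"]
            for i, item in enumerate(value):
                if not any(_matches_type(item, o["type"]) for o in options):
                    problems.append(f"{key}[{i}]: must be string or number")
    return problems


def looks_like_yara(rule_text):
    """Heuristic (assumption, not a YARA compiler): at least one rule header
    and a condition block. Catches sending an empty or pasted-wrong string."""
    has_header = re.search(r"^\s*(?:private\s+|global\s+)*rule\s+[A-Za-z_]\w*", rule_text, re.M)
    has_condition = re.search(r"\bcondition\s*:", rule_text)
    return bool(has_header and has_condition)


def build_triage_rule_request(description, rule, search_in="filesystem",
                              engine="yara", organization_ids=None):
    """Build the argument object for create_triage_rule and validate it.
    Returns (payload, problems); send only when problems is empty."""
    payload = {
        "description": description,
        "engine": engine,
        "rule": rule,
        "searchIn": search_in,
        # The tool defaults organizationIds to [0] when omitted; make it explicit.
        "organizationIds": organization_ids if organization_ids is not None else [0],
    }
    problems = validate_payload(payload)
    if not looks_like_yara(rule):
        problems.append("rule: does not look like a YARA rule")
    return payload, problems


# Constructed sample rule for this example; the strings are illustrative,
# not a vetted signature.
SAMPLE_RULE = r'''
rule Example_PHP_Webshell_Eval
{
    meta:
        description = "Example: PHP file that evals base64-decoded input"
    strings:
        $php = "<?php" ascii
        $eval = "eval(base64_decode(" ascii nocase
    condition:
        filesize < 1MB and all of them
}
'''.strip()


def sample_request_json():
    """Serialise a validated request; json.dumps escapes the newlines and
    quotes inside the rule string, so the YARA text is never hand-escaped."""
    payload, problems = build_triage_rule_request(
        description="PHP webshell: eval(base64_decode())", rule=SAMPLE_RULE)
    if problems:
        raise ValueError(problems)
    return json.dumps(payload, indent=2)


if __name__ == "__main__":
    print(sample_request_json())
```

The validator is deliberately limited to the keywords this schema uses; if the schema grows (enums for `engine` or `searchIn`, for instance), extend it or switch to a full JSON Schema library rather than trusting it blindly.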