create_triage_rule
Define and apply custom YARA rules to scan specified areas like the filesystem, enabling targeted forensic analysis and incident response workflows within Binalyze AIR environments.
Instructions
Create a new triage rule
Input Schema
Name | Required | Description | Default |
---|---|---|---|
description | Yes | A descriptive name for the triage rule | |
engine | Yes | Rule engine to use, e.g., "yara" | |
organizationIds | No | Organization IDs to associate with this rule. Defaults to [0] | |
rule | Yes | The YARA rule content | |
searchIn | Yes | Where to search, e.g., "filesystem" | |