YARA Repository Management API
Retrieve a list of all configured repositories
GET yara/repositories/
Retrieve a list of all configured YARA repositories, with optional filtering by page, and custom or system repositories.
Request Format
Request Parameters
| NAME | REQUIRED | DESCRIPTION | TYPE |
|---|---|---|---|
active_filter | Optional | Filter repositories by type. Supported values: all, user (custom repositories only), system (system repositories only) | query, string |
page | Optional | A page number within the paginated result set. | query, integer |
page_size | Optional | Number of results to return per page. | query, integer |
Request Examples
cURL
# Add --insecure before the URL if using a self-signed SSL certificate
curl -X GET 'https://appliance.example.com/api/yara/repositories/' \
--header 'Authorization: Token exampletoken'
Python
import requests
token = "exampletoken"
url = "https://appliance.example.com/api/yara/repositories/"
headers = {
"Authorization": f"Token {token}"
}
# Add verify=False for self-signed SSL certificates
response = requests.get(url, headers=headers)
print(response.json())
Response Format
Response Example
{
"count": 123,
"next": "http://api.example.org/api/yara/repositories/?page=4",
"previous": "http://api.example.org/api/yara/repositories/?page=2",
"results": [
{
"id": 0,
"url": "string",
"name": "string",
"source_branch": "string",
"source_type": 0,
"api_token": "string", // Not returned in plain text. Empty string if unset, '********' if set.
"import_update_preferences": 0,
"is_custom": true,
"last_modified": "2025-07-04T12:22:33.472Z",
"user": 0
}
]
}
Response Status Codes
| CODE | DESCRIPTION |
|---|---|
| 200 |
Create a new repository
POST yara/repositories/
Create a new YARA repository for fetching and managing YARA rules. The system will verify connectivity to the provided repository before creation.
Request Format
Request Parameters
| NAME | REQUIRED | DESCRIPTION | TYPE |
|---|---|---|---|
url | Required | URL pointing to the remote ruleset repository. | query, string |
name | Required | Display name for the repository. | query, string |
source_branch | Optional | Git branch to pull rulesets from. Defaults to main or master if omitted. | query, string |
api_token | Optional | Token used to authenticate to private remote repositories. | query, string |
import_update_preferences | Optional | Integer enum representing importing update preferences. Supported values: 0 - Manual, 1 - Auto-Update, 2 - Auto-Update and Auto-Import. | query, integer |
Request Examples
cURL
curl -X POST 'https://appliance.example.com/api/yara/repositories/' \
--header 'Authorization: Token exampletoken' \
--header 'Content-Type: application/json' \
--data '{
"url": "string",
"name": "string",
"source_branch": "string",
"api_token": "string",
"import_update_preferences": 0
}'
Python
import requests
token = "exampletoken"
url = "https://appliance.example.com/api/yara/repositories/"
data = {
"url": "string",
"name": "string",
"source_branch": "string",
"api_token": "string",
"import_update_preferences": 0
}
headers = {
"Authorization": f"Token {token}",
"Content-Type": "application/json"
}
response = requests.post(url, headers=headers, json=data)
print(response.json())
Response Format
Response Example
{
"message": "string"
}
Response Status Codes
| CODE | DESCRIPTION |
|---|---|
| 201 | |
| 400 | Validation error |
| 404 | Connection test failed |
Update existing repository
PUT yara/repositories/{repository_id}
Update the configuration of an existing YARA repository. The system will verify connectivity to the provided repository before updating.
Request Format
Request Parameters
| NAME | REQUIRED | DESCRIPTION | TYPE |
|---|---|---|---|
repository_id | Required | The ID of the repository to update. | path, integer |
url | Required | URL pointing to the remote ruleset repository. | query, string |
name | Required | Display name for the repository. | query, string |
source_branch | Optional | Git branch to pull rulesets from. Defaults to main or master if omitted. | query, string |
api_token | Optional | Token used to authenticate to private remote repositories. | query, string |
import_update_preferences | Optional | Integer enum representing importing update preferences. Supported values: 0 - Manual, 1 - Auto-Update, 2 - Auto-Update and Auto-Import. | query, integer |
Request Examples
cURL
curl -X PUT 'https://appliance.example.com/api/yara/repositories/' \
--header 'Authorization: Token exampletoken' \
--header 'Content-Type: application/json' \
--data '{
"url": "string",
"name": "string",
"source_branch": "string",
"api_token": "string",
"import_update_preferences": 0
}'
Python
import requests
token = "exampletoken"
url = "https://appliance.example.com/api/yara/repositories/"
data = {
"url": "string",
"name": "string",
"source_branch": "string",
"api_token": "string",
"import_update_preferences": 0
}
headers = {
"Authorization": f"Token {token}",
"Content-Type": "application/json"
}
response = requests.put(url, headers=headers, json=data)
print(response.json())
Response Format
Response Example
{
"message": "string"
}
Response Status Codes
| CODE | DESCRIPTION |
|---|---|
| 200 | Repository updated successfully |
| 400 | Validation error |
| 404 | Connection test failed |
Delete existing repository
DELETE yara/repositories/{repository_id}
Delete a configured YARA repository by ID. Only custom repositories can be deleted, and only by their owner or a superuser. Associated rulesets with the repository can optionally be removed.
Request Format
Request Parameters
| NAME | REQUIRED | DESCRIPTION | TYPE |
|---|---|---|---|
repository_id | Required | The ID of the repository to delete. | query, integer |
shouldRemoveRulesets | Optional | Remove all rulesets associated with the repository. Default value: false. | query, boolean |
Request Examples
cURL
# Add --insecure before the URL if using a self-signed SSL certificate
curl -X DELETE 'https://appliance.example.com/api/yara/repositories/1' \
--header 'Authorization: Token exampletoken'
Python
import requests
token = "exampletoken"
url = "https://appliance.example.com/api/yara/repositories/1"
headers = {
"Authorization": f"Token {token}"
}
# Add verify=False for self-signed SSL certificates
response = requests.delete(url, headers=headers)
print(response.status_code)
Response Format
Response Example
{
"message": "string"
}
Response Status Codes
| CODE | DESCRIPTION |
|---|---|
| 200 | Repository deleted successfully |
| 400 | Permission denied or system repository |
| 404 | Repository not found |
Configure update job cadence
POST yara/update/set-interval/{value}
Configure the interval (in seconds) at which the YARA update job runs automatically. Set the value in seconds. Setting the value to 0 disables automatic updates.
Sending a request to this endpoint introduces a short maintenance downtime.
Request Format
Request Parameters
| NAME | REQUIRED | DESCRIPTION | TYPE |
|---|---|---|---|
value_in_seconds | Required | Interval in seconds between automatic update job runs. Use 0 to disable. | path, integer |
Request Examples
cURL
# Add --insecure before the URL if using a self-signed SSL certificate
curl -X POST 'https://appliance.example.com/api/yara/update/set-interval/3600' \
--header 'Authorization: Token exampletoken'
Python
import requests
token = "exampletoken"
url = "https://appliance.example.com/api/yara/update/set-interval/3600"
headers = {
"Authorization": f"Token {token}"
}
# Add verify=False for self-signed SSL certificates
response = requests.post(url, headers=headers)
print(response.status_code)
Response Format
Response Example
{
"message": "Job cadence configured to 3600!"
}
Response Status Codes
| CODE | DESCRIPTION |
|---|---|
| 200 | Job cadence configured successfully |
| 403 | Permission denied |
Reset update job cadence
POST yara/update/reset-interval
Reset the update interval for repositories to the default value of 3600 seconds (1 hour).
Sending a request to this endpoint introduces a short maintenance downtime.
Request Format
Request Examples
cURL
# Add --insecure before the URL if using a self-signed SSL certificate
curl -X POST 'https://appliance.example.com/api/yara/update/reset-interval' \
--header 'Authorization: Token exampletoken'
Python
import requests
token = "exampletoken"
url = "https://appliance.example.com/api/yara/update/reset-interval"
headers = {
"Authorization": f"Token {token}"
}
# Add verify=False for self-signed SSL certificates
response = requests.post(url, headers=headers)
print(response.status_code)
Response Format
Response Example
{
"message": "Job cadence configured to 3600!"
}
Response Status Codes
| CODE | DESCRIPTION |
|---|---|
| 200 | Job cadence reset successfully |
| 403 | Permission denied |
Run update job on demand
POST yara/update/run
Manually trigger YARA update job execution. If an update job is currently running, the API request will fail with a conflict status code.
Request Format
Request Examples
cURL
# Add --insecure before the URL if using a self-signed SSL certificate
curl -X POST 'https://appliance.example.com/api/yara/update/run' \
--header 'Authorization: Token exampletoken'
Python
import requests
token = "exampletoken"
url = "https://appliance.example.com/api/yara/update/run"
headers = {
"Authorization": f"Token {token}"
}
# Add verify=False for self-signed SSL certificates
response = requests.post(url, headers=headers)
print(response.status_code)
Response Format
Response Example
{
"message": "Job running!"
}
Response Status Codes
| CODE | DESCRIPTION |
|---|---|
| 200 | Job started successfully |
| 403 | Permission denied |
| 409 | Job is already running |
Publish rulesets
POST yara/publish/all
Trigger a publishing process for all available non-system YARA rulesets in the appliance. Publishing process makes the latest revisions of YARA rulesets active and available for further use. This is a separate step from creating or updating a ruleset. When you create or update a ruleset, the change is saved as a new revision, but it is not automatically published. Rulesets must be explicitly published to apply changes system-wide. If YARA synchronization is enabled, publishing also propagates the updated rulesets to other appliances in the cluster. See Synchronizing YARA Rulesets with Other Appliances for more information.
Request Format
Request Examples
cURL
# Add --insecure before the URL if using a self-signed SSL certificate
curl -X POST 'https://appliance.example.com/api/yara/publish/all' \
--header 'Authorization: Token exampletoken'
Python
import requests
token = "exampletoken"
url = "https://appliance.example.com/api/yara/publish/all"
headers = {
"Authorization": f"Token {token}"
}
# Add verify=False for self-signed SSL certificates
response = requests.post(url, headers=headers)
print(response.status_code)
Response Format
Response Example
{
"error_messages": [
{
"revision_id": 0,
"ruleset_name": "string",
"message": "string"
}
],
"successful_publish_count": 0,
"total_count": 0
}
Response Status Codes
| CODE | DESCRIPTION |
|---|---|
| 200 | The publish process has completed. Check error_messages for any failures. |
| 403 | User is not authorized or Yara Sync is not enabled |
Publish a ruleset
POST yara/publish/{ruleset_name}
Trigger a publishing process for a single, non-system YARA ruleset in the appliance.
Request Format
Request Parameters
| NAME | REQUIRED | DESCRIPTION | TYPE |
|---|---|---|---|
ruleset_name | Required | Name of the ruleset to publish. | path, string |
Request Examples
cURL
# Add --insecure before the URL if using a self-signed SSL certificate
curl -X POST 'https://appliance.example.com/api/yara/publish/my_ruleset' \
--header 'Authorization: Token exampletoken'
Python
import requests
token = "exampletoken"
ruleset_name = "my_ruleset"
url = f"https://appliance.example.com/api/yara/publish/{ruleset_name}"
headers = {
"Authorization": f"Token {token}"
}
# Add verify=False for self-signed SSL certificates
response = requests.post(url, headers=headers)
print(response.status_code)
Response Format
Response Example
{
"message": "Publishing my_ruleset ruleset!"
}
Response Status Codes
| CODE | DESCRIPTION |
|---|---|
| 200 | The publish process has been initiated successfully. |
| 400 | The publish process has failed. Check message for more details. |
| 403 | User is not authorized or Yara Sync is not enabled |