Skip to main content
Version: Spectra Analyze 9.7.0

YARA Repositories

Spectra Analyze > Administration > Integrations & Connectors > YARA Repositories

YARA rulesets can be imported from preconfigured online repositories or from custom GitHub repositories added by admins or authorized users.

To access the page where you can add, edit and delete YARA repositories, do either of the following:

  • Go to Administration > Integrations & Connectors > YARA Repositories.
  • From the YARA page, click Actions > Manage YARA Repositories.

On this page, click Add Repository and provide the following information:

  • Repository URL: mandatory. Specifying the repository URL supports including a custom port when the YARA repository is hosted on a non-standard port. Custom ports are supported for both direct connections and connections through a proxy.
  • Repository name: mandatory.
  • Source branch: optional. If the source branch is not specified, the default repository branch is used, for example, main.
  • API token: optional. Enter an API token if the repository requires authentication.
  • Update/import preferences:
    • Manual: selected by default. The repository appears in the Import From Online Sources list, and rules are only be imported when a user manually triggers the import. In this case, the imported rules are owned by the user performing the import.
    • Auto-Update/Auto-Update & Auto-Import: if either of these options is selected, the system monitors the repository for changes, and any updates are imported by the yara_import_service_user account once an hour.

Adding a GitHub repository

To add a private GitHub repository, you must create a personal access token in your GitHub account and provide it under API token when adding the repository. This token lets Spectra Analyze access the repository to import YARA rules.

Choose one of the following token types: