Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

<@U06DUA4KLPP> Have you run osquery with `--verbose`? You have to allow that url first, you might want to check: <https://osquery.readthedocs.io/en/latest/deployment/yara/#retrieving-yara-rules-at-runtime>

at now, all files from <https://yarahq.github.io> triggers error Failed to get YARA rule url

when i'm trying to use these files in signatures section, i'm getting error
I0115 22:36:31.483906 -655699968 yara_utils.cpp:426] Compiling YARA signature group: sig-group-1
I0115 22:36:31.896167 -655699968 yara_utils.cpp:103] YARA rule file /Users/user/project/yara-rules-full.yar(195593): error: invalid field name "classes"
I0115 22:36:32.256493 -655699968 yara_utils.cpp:429] YARA rule compile error: Compilation errors

seems like dotnet module for yara not imported by default because yara version is outdated