I want to have a server that manage all the yara queries. the problem is that I don't want to add every time new rule to the conf file like at the example at the osquery site. because it means I will need to deploy the new file evry time at all the agents. example: "yara": { "signature_urls": { "sig_url_1": "https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2010-0805.yar", "sig_url_2": "https://raw.githubusercontent.com/Yara-Rules/rules/master/crypto/crypto_signatures.yar", "sig_url_3": "https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT3102.yar" } } I wanted to know if there is any way that I will have yara server that manage all the queries without modifying the conf file every time I add the server new query.

I thought those supported wildcards? Try adding a

*

and seeing if it works

@seph I'm sorry I didn't understand what do you mean. do you mean that is 100% possible with regex?

That will actually help me greatly, so I will pay it forward and submit a PR once I confirm 👍

You should be able to use the regex like this:

"yara": {
    "signature_urls": [
"<https://raw.githubusercontent.com/Yara-Rules/rules/master/.+>"
    ]
}

thanks @Ignacio