but the SIGFILE is only displaying the TOP level yara file m

Question

but the SIGFILE is only displaying the TOP level yara file making it difficult to know exactly what Yara file was triggered Thank you for any help and consideration

Akshay Kumar · Answer

Hi Mike Sigfile column only shows the top level yara file and not the include file that triggered the match It also has `matches` column that lists the Yara matches

Akshay Kumar · Answer

It uses `libyara` interface for scanning which does not provide a way to get which include yara file the matches belong to It only tells you the matches based on top level sigfile

mike maxwell · Answer

Thank you for the reply