a question about the yara server https://osquery.readthedocs.io/en/stable/deployment/yara/ "yara": { "signature_urls": { "sig_url_1": "https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2010-0805.yar", "sig_url_2": "https://raw.githubusercontent.com/Yara-Rules/rules/master/crypto/crypto_signatures.yar", "sig_url_3": "https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT3102.yar" } } does the rule that is at that at the URL should be with quotes or without?

It has quotes, but I suggest checking the “latest” link (https://osquery.readthedocs.io/en/latest/deployment/yara/), because the whole format to express those url was incorrect in the wiki. The PR implementing it originally had that format but then it was changed before merging it.

i'm using osquery 4.8,

"yara": {
  "signature_urls": [
    "<https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2010-0805>\\.yar",
    "<https://raw.githubusercontent.com/Yara-Rules/rules/master/crypto/crypto_signatures>\\.yar",
    "<https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT3102>\\.yar",
    "<https://raw.githubusercontent.com/Yara-Rules/rules/devel/CVE_Rules/CVE-.*>"
  ]
}

does it still possible there?

Yes, the format never was the one on the wiki