https://github.com/osquery/osquery logo
Join Slack
Powered by
Hi everyone, How to update yara files from kolide ...
# kolide
p
Hi everyone, How to update yara files from kolide fleet server to all client?
i want to use yara table but i must create sig files in client. How to mgt it for 1000 clients?
s
Are you asking about Kolide’s SaaS, or about Fleet?
regarding launcher — we do not maintain a mechanism to distribute yara configuration. You may be able to use other tool, or to use the newer yara rule funtions
(Yara rules can be distributed by URL or embeded in the queries)
p
Yara rules can be distributed by URL
Could you show me the example?
i am using kolile fleet + launcher
s
p
thank you, great =)))
s
Kolide no longer maintains fleet. You may wish to loo at #fleet for the community and vendors there. We do maintain launcher, it is the agent for our SaaS.
p
W0127 09:17:21.964015 60020 yara.cpp:247] Failed to get YARA rule url: sig_url_2
i have a problem
@seph i dont find flag to enable it
s
I don’t understand your question.
Launcher has nothing related to this.
If you need to pass a flag to osquery, set it in osquery’s config, or use launcher’s 
osquery_flag
p
W0127 09:17:21.964015 60020 yara.cpp:247] Failed to get YARA rule url: sig_url_2
The feature will be disabled by default and can be enabled with a hidden flag 
enable_yara_sigurl
but i dont find enable_yara_sigurl flag
s
That’s an osquery flag
p
but osquery dont have this flag 🙂
s
I’m not sure that flag is needed. Have you either read the PR, or tried this?
p
i tried it. return err is: 
W0127 09:17:21.964015 60020 yara.cpp:247] Failed to get YARA rule url: sig_url_2
3 Views
Open in Slack
PreviousNext
Powered by