Channels
#kolide
Title
# kolide
p
poisonous97
01/25/2021, 9:41 AMHi everyone, How to update yara files from kolide fleet server to all client?
i want to use yara table but i must create sig files in client. How to mgt it for 1000 clients?
s
seph
01/25/2021, 2:40 PM
Are you asking about Kolide’s SaaS, or about Fleet?
regarding launcher — we do not maintain a mechanism to distribute yara configuration. You may be able to use other tool, or to use the newer yara rule funtions
(Yara rules can be distributed by URL or embeded in the queries)
p
poisonous97
01/27/2021, 1:55 AMYara rules can be distributed by URLi am using kolile fleet + launcher
s
seph
01/27/2021, 1:58 AM
p
poisonous97
01/27/2021, 1:58 AMthank you, great =)))
s
seph
01/27/2021, 1:59 AM
Kolide no longer maintains fleet. You may wish to loo at #fleet for the community and vendors there.
We do maintain launcher, it is the agent for our SaaS.
p
poisonous97
01/27/2021, 9:20 AMW0127 09:17:21.964015 60020 yara.cpp:247] Failed to get YARA rule url: sig_url_2@seph i dont find flag to enable it
s
seph
01/28/2021, 4:34 AM
I don’t understand your question.
Launcher has nothing related to this.
If you need to pass a flag to osquery, set it in osquery’s config, or use launcher’s
osquery_flagp
poisonous97
01/28/2021, 4:35 AMW0127 09:17:21.964015 60020 yara.cpp:247] Failed to get YARA rule url: sig_url_2The feature will be disabled by default and can be enabled with a hidden flag
enable_yara_sigurlbut i dont find enable_yara_sigurl flag
s
seph
01/28/2021, 4:39 AM
That’s an osquery flag
p
poisonous97
01/28/2021, 4:41 AMbut osquery dont have this flag 🙂
s
seph
01/28/2021, 5:56 AM
I’m not sure that flag is needed. Have you either read the PR, or tried this?
p
poisonous97
01/28/2021, 7:26 AMi tried it. return err is:
W0127 09:17:21.964015 60020 yara.cpp:247] Failed to get YARA rule url: sig_url_23 Views