May rollout: REST API v1, brand-asset visual matching, malvertising detection, $79 Solo tier, no-card 14-day trial. See what shipped
Search threats, CVEs, actors… ⌘K Open dashboard
Detection · YARA

Custom YARA rules

Ship your own detection rules into our scanner. Each rule is validated against the production yara 4.5 binary on save and ships into the URL-scan pipeline on the next scan after activation. Rules live alongside our 32 curated public-source rules; matches surface in the per-finding rule citation chip.

Start typing or paste a rule. Validation runs on save.
Quick reference: Rules apply to the captured DOM HTML of every URL we scan for your account. Body must contain a rule <name> keyword and stay under 32 KB. Allowed imports: math, hash, string. Use $x_ prefix for highly specific strings, $s_ for grouped strings, $fp_ for false-positive filters. Test syntax with the Validate button (no save). See the YARA documentation for the full rule language.