🚀 Quickstart

Welcome to the quickstart guide for integrating YARA rules into your Wazuh setup.

Generate your YARA rule

You can generate a YARA rule using the Astraea Sentinel platform.

  1. Access the Astraea Sentinel Dashboard.

    • No Premium subscription is required for certain public rules (e.g., WannaCry detection).
    • Premium users have full access to all threat types.

  2. Check your available credits.

    • The credit balance is displayed in the top-left.

      🔁 Rule generation costs 1 credit per rule.

Save the rule

Save the .yar file to the correct Wazuh directory:

sudo cp my-rule.yar /var/ossec/etc/rules/local_rules/

Restart Wazuh

Make sure Wazuh picks up the new rules by restarting the manager:

sudo systemctl restart wazuh-manager
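As an added example that is not part of this guide or of the Astraea Sentinel platform: a small POSIX shell helper that checks a .yar file before it is copied into the rules directory above, so an empty file, a file with no rule declaration or condition section, or one that the yarac compiler (if installed) rejects never reaches a running manager. The rules directory path comes from this guide; the yarac check, the function names and the regular expressions are assumptions.

```shell
#!/bin/sh
# Deploy a YARA rule only after sanity checks pass.
# RULES_DIR defaults to the directory used in this guide (can be overridden).
RULES_DIR="${RULES_DIR:-/var/ossec/etc/rules/local_rules}"

# check_yara_rule FILE: return 0 if FILE looks like a usable YARA rule file.
check_yara_rule() {
    file="$1"
    case "$file" in
        *.yar|*.yara) ;;
        *) echo "refusing $file: expected a .yar/.yara extension" >&2; return 1 ;;
    esac
    [ -s "$file" ] || { echo "refusing $file: missing or empty" >&2; return 1; }
    # A YARA rule needs a 'rule NAME' header (optionally private/global) ...
    grep -Eq '^[[:space:]]*(private[[:space:]]+|global[[:space:]]+)*rule[[:space:]]+[A-Za-z_][A-Za-z0-9_]*' "$file" \
        || { echo "refusing $file: no 'rule <name>' declaration" >&2; return 1; }
    # ... and a condition section; without one the file cannot compile.
    grep -Eq '(^|[[:space:]{])condition:' "$file" \
        || { echo "refusing $file: no 'condition:' section" >&2; return 1; }
    # If the YARA compiler is installed, let it do the real syntax check
    # (assumption: yarac is on PATH; the step is skipped when it is not).
    if command -v yarac >/dev/null 2>&1; then
        out="$(mktemp)"
        if ! yarac "$file" "$out" >/dev/null 2>&1; then
            rm -f "$out"
            echo "refusing $file: yarac failed to compile it" >&2
            return 1
        fi
        rm -f "$out"
    fi
    return 0
}

# deploy_yara_rule FILE [DIR]: copy FILE into DIR once check_yara_rule passes.
deploy_yara_rule() {
    rule_file="$1"; dir="${2:-$RULES_DIR}"
    check_yara_rule "$rule_file" || return 1
    mkdir -p "$dir" && cp "$rule_file" "$dir/" \
        && echo "installed $(basename "$rule_file") into $dir"
}

# Typical use as root: deploy_yara_rule my-rule.yar && systemctl restart wazuh-manager
```

Restart the manager only after the helper reports the rule as installed; a rejected file leaves the rules directory untouched.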

Done!

You should now see your custom alerts in Wazuh if the rule matches any activity.


Happy hunting! 🛡️