osquery and yara rules

init

In the previous post [1] we installed osquery and saw how it works. In this writeup, we will try to match a yara rule against one of the files we will create, to understand how it all works.

Now we will make a directory called yara-rules in the home directory. In that directory you will need two files. The contents of those files are given below:

$ cat ~/yara-rules/example1.

