The YARA results overview header provides high-level information about the hunt, including the name of the YARA rule, the number of matches in each sample repository, and the hunt status.
Rule Details
The rule details windows provide information about the YARA rule, revision, and the scan options.
The 🔄 button can be used to initiate another YARA Hunt using the current rule, and the full rule can be viewed by expanding the rule window.
Rule Validation
The rule validation window provides an overview of the rule validation tests and can be expanded to show details for each test.
Matches Overview
The matches overview window displays the total number of matches and can be expanded to show detailed information about the matches.
Associated Analysis
The Associated Analysis count refers to the number of submissions or analysis reports that are associated with the matches. This can provide useful insight into packed samples.
For example, a YARA hunt that returns only one match but hundreds of associated analyses might indicate that the YARA rule is matching on the unpacked payload of malware that is normally packed.
Matches Distribution
The matches distribution bar visually indicates the distribution of matches between the sample repositories. This can provide useful insight by differentiating matches on packed samples from matches on unpacked samples.