YARA Rule Development Workflows

Workflow 1: Sample-Driven Rule Creation

[Malware Sample] --> [Static Analysis] --> [Extract Unique Strings] --> [Draft Rule]
                                                                            |
                                                                            v
                                                                 [Test Against Samples]
                                                                            |
                                                                            v
                                                                 [Test Against Clean Files]
                                                                            |
                                                                            v
                                                                 [Deploy to Production]

Workflow 2: Family-Wide Detection

[Multiple Samples] --> [Cross-Sample Analysis] --> [Find Common Patterns]
                                                          |
                                                          v
                                                  [Build Generic Rule]
                                                          |
                                                          v
                                                  [Validate Coverage]

Workflow 3: Threat Hunt Integration

[Intelligence Report] --> [Extract IOCs] --> [Convert to YARA] --> [Retrohunt]
                                                                       |
                                                                       v
                                                              [Triage New Matches]
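The three workflows above, carried through in one added example (this script is not part of the original page or of any YARA project; every sample, clean file, IOC and rule name in it is constructed for illustration). It walks Workflow 1 (extract strings from one sample, drop anything also seen in clean files, draft a rule), Workflow 2 (intersect the string sets of several samples so only family-wide artefacts remain, then validate coverage and false positives), and Workflow 3 (turn report IOCs into a rule suitable for a retrohunt). Matching is done by a minimal stand-in evaluator for "N of them" so the script runs with nothing but the standard library; the emitted rules are plain YARA source and should be tested for real with yara or yara-python before deployment.

```python
"""Draft and sanity-check YARA rules from samples, clean files and IOCs.

Added example: all inputs below are constructed stand-ins, not real malware.
"""
import hashlib
import re

# Constructed "Multiple Samples": three builds of one hypothetical family that
# share a mutex, a drop path and a command line but differ in a campaign tag.
SAMPLES = [
    b"MZ\x90\x00This program cannot be run in DOS mode\x00kernel32.dll\x00"
    b"GetProcAddress\x00Global\\Mutex_ff7a21\x00C:\\Users\\Public\\svchost32.exe\x00"
    b"cmd.exe /c vssadmin delete shadows /all /quiet\x00campaign=alpha-0x41\x00",
    b"MZ\x90\x00This program cannot be run in DOS mode\x00kernel32.dll\x00"
    b"GetProcAddress\x00Global\\Mutex_ff7a21\x00C:\\Users\\Public\\svchost32.exe\x00"
    b"cmd.exe /c vssadmin delete shadows /all /quiet\x00campaign=bravo-0x42\x00",
    b"MZ\x90\x00This program cannot be run in DOS mode\x00kernel32.dll\x00"
    b"GetProcAddress\x00Global\\Mutex_ff7a21\x00C:\\Users\\Public\\svchost32.exe\x00"
    b"cmd.exe /c vssadmin delete shadows /all /quiet\x00campaign=charlie-0x43\x00",
]
# Constructed "Clean Files": benign PE-like content sharing the DOS stub and
# common import names, but none of the family's own artefacts.
CLEAN_FILES = [
    b"MZ\x90\x00This program cannot be run in DOS mode\x00kernel32.dll\x00"
    b"GetProcAddress\x00C:\\Program Files\\Vendor\\app.exe\x00",
    b"MZ\x90\x00This program cannot be run in DOS mode\x00user32.dll\x00MessageBoxW\x00",
]
# Constructed "Intelligence Report" hash IOC: the real digest of SAMPLES[0].
KNOWN_HASHES = [hashlib.sha256(SAMPLES[0]).hexdigest()]


def extract_strings(data: bytes, min_len: int = 6) -> set:
    """Static-analysis step: printable ASCII runs, like `strings -n 6`."""
    return {m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)}


def common_strings(samples) -> set:
    """Cross-sample analysis: keep only strings present in every sample."""
    sets = [extract_strings(s) for s in samples]
    return set.intersection(*sets) if sets else set()


def drop_benign(candidates: set, clean_files) -> set:
    """Test against clean files: a string seen in any clean file is a
    false-positive risk and is removed before the rule is drafted."""
    benign = set().union(*(extract_strings(c) for c in clean_files))
    return {s for s in candidates if s not in benign}


def yara_escape(s: str) -> str:
    """Escape a text string for use inside a YARA double-quoted literal."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def draft_rule(name: str, strings: set, min_hits: int, meta: dict) -> str:
    """Emit YARA source; strings are sorted so re-runs give a stable rule."""
    ordered = sorted(strings)
    cond = "all of them" if min_hits >= len(ordered) else f"{min_hits} of them"
    out = [f"rule {name}", "{", "    meta:"]
    out += [f'        {k} = "{yara_escape(v)}"' for k, v in meta.items()]
    out.append("    strings:")
    out += [f'        $s{i} = "{yara_escape(s)}" ascii' for i, s in enumerate(ordered)]
    out += ["    condition:", f"        {cond}", "}"]
    return "\n".join(out)


def rule_matches(strings: set, min_hits: int, data: bytes) -> bool:
    """Stand-in for running yara: true when at least min_hits strings occur."""
    if not strings:
        return False
    hits = sum(1 for s in strings if s.encode("ascii") in data)
    return hits >= min(min_hits, len(strings))


def validate(strings: set, min_hits: int, samples, clean_files) -> dict:
    """Validate coverage: fraction of samples hit and count of clean-file hits."""
    detected = [rule_matches(strings, min_hits, s) for s in samples]
    false_pos = [rule_matches(strings, min_hits, c) for c in clean_files]
    return {"coverage": sum(detected) / len(samples), "false_positives": sum(false_pos)}


def is_sha256(h: str) -> bool:
    """Guard against malformed report IOCs producing a rule that will not compile."""
    return re.fullmatch(r"[0-9a-fA-F]{64}", h) is not None


def iocs_to_rule(name: str, domains, mutexes, sha256s) -> str:
    """Workflow 3: atomic IOCs to a rule for retrohunting. Domains are matched
    case-insensitively in ASCII and UTF-16; hashes go through YARA's hash module."""
    strings, groups = [], []
    for i, d in enumerate(domains):
        strings.append(f'        $dom{i} = "{yara_escape(d)}" ascii wide nocase')
    for i, m in enumerate(mutexes):
        strings.append(f'        $mtx{i} = "{yara_escape(m)}" ascii wide')
    groups += ["$dom*"] if domains else []
    groups += ["$mtx*"] if mutexes else []
    for h in sha256s:
        if not is_sha256(h):
            raise ValueError(f"not a SHA-256 hex digest: {h!r}")
    terms = [f"any of ({', '.join(groups)})"] if groups else []
    terms += [f'hash.sha256(0, filesize) == "{h.lower()}"' for h in sha256s]
    if not terms:
        raise ValueError("no IOCs to convert")
    out = ['import "hash"', "", f"rule {name}", "{"]
    out += ["    strings:"] + strings if strings else []
    out += ["    condition:", "        " + " or ".join(terms), "}"]
    return "\n".join(out)


if __name__ == "__main__":
    family = drop_benign(common_strings(SAMPLES), CLEAN_FILES)
    print(draft_rule("Hypothetical_Family_Generic", family, 2, {"author": "added example"}))
    print(validate(family, 2, SAMPLES, CLEAN_FILES))
    print(iocs_to_rule("Hypothetical_Report_IOCs", ["c2.example.invalid"],
                       ["Global\\Mutex_ff7a21"], KNOWN_HASHES))
```

Running it shows the difference between the first two workflows: a rule drafted from SAMPLES[0] alone with "all of them" keeps the campaign tag and covers only one of the three builds, while the intersection across samples drops the tag and "2 of them" over the remaining three strings covers every build with no clean-file hits. For the IOC rule, note that a hash.sha256(0, filesize) term forces YARA to hash every scanned file, which is far more expensive in a retrohunt than the string terms; prefer string or structural indicators when the report offers them.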