Skip to main content

Hi All 

I am trying to write a YARA L query where in  from my logs (process hash values and file hash values) needs to be compared with 

1) Reference list IOC feed

2) GCTI safe browsing feed. 

Can i do this both in a single query

when trying i am getting this error "

  • semantic analysis: match variable sha256 is not assigned to an event field

 

Cross posted my answer to https://www.googlecloudcommunity.com/gc/SIEM-Forum/Yara-doubt/m-p/822256

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.