Delete a YARA rule

Deleting Yara rules is remarkably similar to Enabling/Disabling rules.

🚧

Note

You are only able to delete rules that were created by your organization and originate from within your environment. You cannot delete shared rules.

Deleting certain Yara rules can have a significant impact on detection capabilities but also can reduce alert noise for more broader rules that cast a wide net. Note that once a rule is deleted, it cannot be recovered. You may want to consider disabling a rule if you think you may want to preserve some of the rule logic for later.

To delete a rule, navigate to the Yara rules tab and select the rule you wish to delete:

Click the trashcan icon to delete the rule. The platform will ask you to confirm as this cannot be undone. Conversely, multiple rules can be deleted at once by selecting the rules you want and then clicking the three dots at the top right corner of the rule listing pane: