
startYaraScan

You can use this method to initiate an On-demand scan on the specified targets, using a YARA rule to detect files that match the rule conditions.

Parameters

| Parameter | Description | Included in request | Type | Values |
|---|---|---|---|---|
| ruleId | The ID of the YARA rule used to define the scan detection conditions. | Mandatory | String | This parameter should consist of exactly 24 hexadecimal characters. |
| paths | The local directories that will be scanned. | Optional. Warning: When this parameter is missing or set to an empty array, all disk drives are included in the scan. Because this operation can consume significant resources, it may lead to performance issues. | Array of Strings | Each string in the array should be a valid absolute path on at least one of the endpoints that the YARA rule targets. The paths do not support wildcard characters, but they support system variables. Important: On-demand scanning of network shares is not supported for YARA rules. |

These are common parameters, available across all public API methods:

| Parameter | Description | Included in request | Type | Value requirements |
|---|---|---|---|---|
| id | This parameter adds an identifier to the request, linking it to its corresponding response. The target replies with the same value in the response, allowing easy call tracking. | Mandatory | String | No additional requirements. |
| method | The name of the method you are using to send the request. | Mandatory | String | Must be a valid method name. |
| jsonrpc | The version of JSON-RPC used by the request and the response. | Mandatory | String | The only possible value is 2.0. |
| params | An object containing the configuration of the request. | Mandatory | Object | No additional requirements. |

Return value

| Attribute | Type | Description |
|---|---|---|
| result | Boolean | This attribute is set to true if the scan task starts successfully. Otherwise, it is set to false. |

Tip

  • You can view the task generated for this scan in GravityZone Control Center, in the Network > Tasks section.

  • You can view detailed results of the scan in the Network > Endpoint details > Scan Logs tab from GravityZone Control Center.

  • A record of the scan, together with its details and results, is available in the Accounts > User activity section from GravityZone Control Center.

Example

Request:

{
  "jsonrpc": "2.0",
  "method": "startYaraScan",
  "params": {
    "ruleId": "66b3f7a8291b2d4c5e8f9012",
    "paths": [
      "C:\\",
      "D:\\Users\\Public\\Downloads",
      "/home",
      "/var/tmp"
    ]
  },
  "id": "c3c996ca-68d6-4f13-9a87-7e0a8ad9b9e1"
}

Response:

{
  "jsonrpc": "2.0",
  "id": "c3c996ca-68d6-4f13-9a87-7e0a8ad9b9e1",
  "result": true
}
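
The following Python helper is an added example, not taken from the GravityZone documentation: it applies the ruleId and paths rules described above before building the startYaraScan request, and checks that a response belongs to that request. The `%NAME%` / `$NAME` variable syntax, the UNC-prefix test for network shares, and the `allow_full_disk` flag are assumptions of this example.

```python
import json
import re
import uuid

RULE_ID = re.compile(r"[0-9a-fA-F]{24}")
DRIVE_ABS = re.compile(r"[A-Za-z]:[\\/]")      # C:\ or C:/
VAR_PREFIX = re.compile(r"(%\w+%|\$\w+)")      # assumed system-variable syntax


def check_path(path):
    """Return a reason string if the path breaks a documented rule, else None."""
    # UNC prefix only; mapped network drives cannot be detected client-side.
    if path.startswith(("\\\\", "//")):
        return "network shares are not supported for YARA on-demand scans"
    if any(ch in path for ch in "*?"):
        return "wildcard characters are not supported"
    if not (path.startswith("/") or DRIVE_ABS.match(path) or VAR_PREFIX.match(path)):
        return "not an absolute path"
    return None


def build_start_yara_scan(rule_id, paths=None, allow_full_disk=False):
    """Validate the arguments and return the JSON-RPC request as a dict."""
    if not RULE_ID.fullmatch(rule_id):
        raise ValueError("ruleId must be exactly 24 hexadecimal characters")
    paths = list(paths or [])
    if not paths and not allow_full_disk:
        raise ValueError("no paths given: this would scan all disk drives; "
                         "pass allow_full_disk=True to confirm")
    errors = {p: r for p in paths if (r := check_path(p))}
    if errors:
        raise ValueError(f"invalid paths: {errors}")
    params = {"ruleId": rule_id}
    if paths:
        params["paths"] = paths
    return {"jsonrpc": "2.0", "method": "startYaraScan",
            "params": params, "id": str(uuid.uuid4())}


def scan_started(request, response):
    """True only if the response echoes the request id and result is true."""
    return response.get("id") == request["id"] and response.get("result") is True


if __name__ == "__main__":
    req = build_start_yara_scan("66b3f7a8291b2d4c5e8f9012",
                                ["C:\\", "D:\\Users\\Public\\Downloads", "/home", "/var/tmp"])
    print(json.dumps(req, indent=2))
```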