
Refresh

cmd: malwatch signatures refresh

A signature refresh does not download a new signature base. Instead, it compiles a fresh yara.compiled file from the signature source files referenced in index.yara, so any local edits to those sources take effect only after a refresh.
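Because a refresh compiles whatever index.yara references, a dangling reference is the usual reason a refresh fails. The following pre-flight check is an added example, not part of malwatch; it assumes index.yara lists its sources with YARA `include "path"` directives resolved relative to the index file (an assumption; the page does not describe the index format). It reports which referenced files exist and which are missing before you run the refresh.

```python
"""Pre-flight check for a signature refresh (added example, not malwatch's own code).

Assumption: index.yara references signature source files with YARA
`include "relative/path"` directives, resolved relative to the index file.
"""
import re
import tempfile
from pathlib import Path

# Matches a YARA include directive at the start of a line, e.g.
#   include "rules/webshell.yara"
# Lines commented out with // are skipped; /* */ block comments are not handled.
INCLUDE_RE = re.compile(r'^\s*include\s+"([^"]+)"', re.MULTILINE)


def referenced_sources(index_text: str) -> list:
    """Return the include paths listed in an index file, in order of appearance."""
    return INCLUDE_RE.findall(index_text)


def check_index(index_path: Path) -> dict:
    """Report which referenced signature files exist and which are missing.

    Returns {"present": [...], "missing": [...], "ok": bool}; "ok" is True only
    when every referenced source file exists, i.e. a refresh can compile them all.
    """
    index_text = index_path.read_text(encoding="utf-8")
    base = index_path.parent
    present, missing = [], []
    for rel in referenced_sources(index_text):
        target = base / rel
        (present if target.is_file() else missing).append(rel)
    return {"present": present, "missing": missing, "ok": not missing}


def build_demo_tree(root: Path) -> Path:
    """Create a constructed sample signature tree with one dangling include."""
    (root / "rules").mkdir(parents=True, exist_ok=True)
    (root / "rules" / "webshell.yara").write_text(
        'rule demo_marker { strings: $a = "constructed-marker" condition: $a }\n',
        encoding="utf-8",
    )
    index = root / "index.yara"
    index.write_text(
        'include "rules/webshell.yara"\n'
        '// include "rules/disabled.yara"\n'   # commented out: must be ignored
        'include "rules/missing.yara"\n',      # constructed dangling reference
        encoding="utf-8",
    )
    return index


def demo() -> dict:
    """Run the check against the constructed tree in a temporary directory."""
    tmp = Path(tempfile.mkdtemp(prefix="sigcheck-"))
    return check_index(build_demo_tree(tmp))


if __name__ == "__main__":
    result = demo()
    print("present:", result["present"])
    print("missing:", result["missing"])
    print("refresh can proceed" if result["ok"] else "fix missing sources before refreshing")
```

Point `check_index` at your real index.yara path before running `malwatch signatures refresh`; a non-empty `missing` list means the compiled file would not include those rules, so the scanner would silently lose coverage.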

False Positives

False positives are unavoidable when threat hunting. The actions feature can be used to whitelist directories or files, or even to disable a signature entirely should it not be needed.

The official malwatch signature base has been tested against popular scripts to at least help reduce false positives.

Managed Signatures

Do you or your organisation need a professionally managed signature base fully customised to your threat profile? Contact us for direct-to-engineer service.

Important

If real-time monitoring is in use, restart the malwatch-monitor process after a refresh so that it loads the newly compiled signatures. With systemd this can be done as follows:

systemctl restart malwatch-monitor