Search
SupportConsoleDevelopersStart a trialContact

Chapter 1. Insights for RHEL malware detection service overview

download PDF

The Red Hat Insights for Red Hat Enterprise Linux malware detection service is a monitoring and assessment tool that scans RHEL systems for the presence of malware. The malware detection service incorporates YARA pattern-matching software and malware detection signatures. Signatures are provided in partnership with the IBM X-Force threat intelligence team working closely with the Red Hat threat intelligence team.

In the malware detection service UI, User Access-authorized administrators and viewers can

  • See the list of signatures against which their RHEL systems are scanned.
  • See aggregate results for all RHEL systems with malware detection enabled in the Insights client.
  • See results for individual systems.
  • Know when a system shows evidence of the presence of malware.

These features give security threat assessors and IT incident-response teams valuable information to prepare a response.

The malware detection service does not recommend resolutions to resolve or remediate malware incidents.

The strategy to take in addressing a malware threat depends on a lot of criteria and considerations specific to each system and organization. Your organization’s security incident response team is best qualified to design and implement an effective mitigation and remediation strategy for each circumstance.

1.1. YARA malware signatures

YARA signature detection is the cornerstone of the Insights for Red Hat Enterprise Linux malware detection service. YARA signatures are descriptions of malware types expressed as patterns. Each description consists of a set of strings and a boolean expression that define a rule. When one or more of the conditions in a signature exist on a scanned RHEL system, YARA records a hit on that system.

1.2. IBM X-Force Threat Intelligence signatures

The Insights for Red Hat Enterprise Linux malware detection service includes predefined signatures developed by the IBM X-Force Threat Intelligence team to expose malware running on RHEL systems. Signatures compiled by the X-Force threat intelligence team are identifiable in the malware detection service by the XFTI- prefix, for example, XFTI_FritzFrog.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.