Hi Team,
I am trying to replicate an alert that was built in Splunk.
1) The use case is to check for an anomaly in the SMB traffic. For this, in Splunk we were using firewall traffic over ports 139 and 445 and calculating the average and std dev between src and dest in a day, and using the outlier concept, which is: if traffic observed at a given point is above (avg + 2 std dev), then an alert should trigger.
Can we build this alert in YARA-L?
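The baseline-and-outlier logic described in the post, written out as an added Python example (not code from the original post, and not a YARA-L rule): per src/dst pair, SMB traffic on ports 139 and 445 is summed per day, and a day is flagged when its total exceeds the mean plus 2 standard deviations of the preceding days. The log format, field names and sample lines are constructed for the example; the `min_days` warm-up and the choice of sample (not population) standard deviation are assumptions, since the post does not state them.

```python
"""Added example: replicate the Splunk 'avg + 2 std dev' SMB outlier alert in Python.
Not part of the original post; the log format below is constructed."""
import re
import statistics
from collections import defaultdict

SMB_PORTS = {139, 445}

# Constructed sample firewall log lines (hypothetical key=value format).
# The last line is on port 80 and must be ignored by the SMB filter.
SAMPLE_LOGS = """\
2024-03-01T10:00:00Z src=10.0.0.5 dst=10.0.1.20 dport=445 bytes=1200
2024-03-01T11:00:00Z src=10.0.0.5 dst=10.0.1.20 dport=445 bytes=1500
2024-03-02T10:00:00Z src=10.0.0.5 dst=10.0.1.20 dport=445 bytes=1300
2024-03-03T10:00:00Z src=10.0.0.5 dst=10.0.1.20 dport=139 bytes=1400
2024-03-04T10:00:00Z src=10.0.0.5 dst=10.0.1.20 dport=445 bytes=1250
2024-03-05T10:00:00Z src=10.0.0.5 dst=10.0.1.20 dport=445 bytes=90000
2024-03-05T10:05:00Z src=10.0.0.5 dst=10.0.1.20 dport=80 bytes=500000
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "date": m.group("ts")[:10],  # YYYY-MM-DD bucket, one baseline point per day
        "src": m.group("src"),
        "dst": m.group("dst"),
        "dport": int(m.group("dport")),
        "bytes": int(m.group("bytes")),
    }


def daily_smb_totals(log_text):
    """Sum bytes per (src, dst) pair per day, keeping only ports 139 and 445."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["dport"] not in SMB_PORTS:
            continue
        totals[(ev["src"], ev["dst"])][ev["date"]] += ev["bytes"]
    return totals


def find_outliers(log_text, k=2.0, min_days=3):
    """Flag any day whose SMB byte total exceeds mean + k * stdev of earlier days.

    min_days is an assumed warm-up: with fewer than 2 history points stdev is
    undefined, and a very short baseline makes the threshold meaningless.
    """
    min_days = max(min_days, 2)
    alerts = []
    for (src, dst), per_day in daily_smb_totals(log_text).items():
        history = []  # daily totals seen so far for this pair, in date order
        for date in sorted(per_day):
            observed = per_day[date]
            if len(history) >= min_days:
                mean = statistics.mean(history)
                sd = statistics.stdev(history)  # sample stdev, like Splunk's stdev()
                threshold = mean + k * sd
                if observed > threshold:
                    alerts.append({
                        "src": src, "dst": dst, "date": date,
                        "bytes": observed, "threshold": round(threshold, 2),
                    })
            # The flagged day still enters the baseline; drop this line if you
            # prefer outliers not to inflate later thresholds.
            history.append(observed)
    return alerts


if __name__ == "__main__":
    for a in find_outliers(SAMPLE_LOGS):
        print(f"ALERT {a['date']} {a['src']}->{a['dst']} "
              f"bytes={a['bytes']} threshold={a['threshold']}")
```

With the constructed sample, the first three days only build the baseline, day four (1250 bytes) stays under the threshold, and day five (90000 bytes) is flagged. Note the edge case where every baseline day is identical: the standard deviation is then 0 and the threshold collapses to the mean, so any increase at all fires; a minimum absolute threshold on top of the statistical one avoids noisy alerts on quiet pairs.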