PUNCH-Cyber / YaraGuardian

Django web interface for managing Yara rules
Apache License 2.0
189 stars 43 forks

Include yara testing #33

Open henimerze opened 6 years ago

henimerze commented 6 years ago

It would be amazing if it were possible to enable yara testing on a specified folder of files and send the results to the owner via email, or just notify them when it is done processing.

Taskr commented 6 years ago

Hi @henimerze! Thanks for your interest in YaraGuardian. Just so I understand the request clearly, do you mean adding the ability to submit and scan files against the repository rules and then receive a report/notification of results once the scanning is complete?

henimerze commented 6 years ago

Hi Adam,

No, I am actually thinking about submitting the actual yara rule for testing (or just adding a ‘test this yara rule’ button somewhere in the yara management) so that when clicked the rule will be checked against a folder of files (clean or malicious) and the list of files the rule hit will be displayed or emailed to the owner.

But what you mentioned is a good feature to have too :)

On Aug 2, 2017, at 4:09 PM, Adam Trask <notifications@github.com> wrote:

Hi @henimerze! Thanks for your interest in YaraGuardian. Just so I understand the request clearly, do you mean adding the ability to submit and scan files against the repository rules and then receive a report/notification of results once the scanning is complete?


Taskr commented 6 years ago

Ah okay, now I understand. Essentially you want a way to test rules for false positives when scanned against a "clean" folder / set of files and/or verify it has some detection capability against a "malicious" folder / set of files. That sounds like a pretty useful feature. Will add to enhancement path.
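The check described in this comment, sketched as an added example that is not part of the thread and is not YaraGuardian code: a rule is scanned over a "clean" folder (any hit is a false positive) and a "malicious" folder (any miss is a detection gap). It assumes the third-party `yara-python` package; the rule, file names and file contents are constructed, and `evaluate_rule`, `compile_yara` and `demo` are hypothetical names.

```python
import os
import tempfile
from pathlib import Path

RULE = 'rule demo_marker { strings: $a = "CONSTRUCTED_MARKER" condition: $a }'  # constructed

def compile_yara(rule_source):
    """Matcher backed by yara-python (assumed installed: pip install yara-python)."""
    import yara
    rules = yara.compile(source=rule_source)
    return lambda path: [m.rule for m in rules.match(path)]

def evaluate_rule(matcher, clean_dir, malicious_dir):
    """Hits under clean_dir are false positives; misses under malicious_dir are gaps."""
    report = {"false_positives": [], "detected": [], "missed": [], "errors": []}
    plan = ((clean_dir, "false_positives", None), (malicious_dir, "detected", "missed"))
    for folder, hit_key, miss_key in plan:
        for root, _dirs, names in os.walk(folder):
            for name in sorted(names):
                path = os.path.join(root, name)
                try:
                    key = hit_key if matcher(path) else miss_key
                except Exception as exc:  # unreadable file or scan error: record, keep going
                    report["errors"].append((path, str(exc)))
                    continue
                if key:
                    report[key].append(os.path.relpath(path, folder))
    seen = len(report["detected"]) + len(report["missed"])
    report["detection_rate"] = len(report["detected"]) / seen if seen else 0.0
    return report

def demo(matcher=None):
    """Evaluate RULE over two tiny constructed corpora written to a temp directory."""
    if matcher is None:
        try:
            matcher = compile_yara(RULE)
        except ImportError:  # byte-search stand-in so the demo runs without yara-python
            matcher = lambda p: ["demo_marker"] if b"CONSTRUCTED_MARKER" in Path(p).read_bytes() else []
    corpora = {"clean": {"readme.txt": b"hello", "notes.txt": b"doc quoting CONSTRUCTED_MARKER"},
               "malicious": {"s1.bin": b"\x00CONSTRUCTED_MARKER\x00", "s2.bin": b"variant"}}
    with tempfile.TemporaryDirectory() as tmp:
        for folder, files in corpora.items():
            os.mkdir(os.path.join(tmp, folder))
            for name, data in files.items():
                Path(tmp, folder, name).write_bytes(data)
        return evaluate_rule(matcher, os.path.join(tmp, "clean"), os.path.join(tmp, "malicious"))

if __name__ == "__main__":
    print(demo())
```

In the constructed corpora the rule flags `notes.txt` in the clean set and misses `s2.bin` in the malicious set, which is the pair of outcomes a rule author would want reported before publishing a rule.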

henimerze commented 6 years ago

Exactly.

Thank you for the hard work. You have done great work.

-------- Original message --------
From: Adam Trask <notifications@github.com>
Date: 8/2/17 4:45 PM (GMT-05:00)
To: PUNCH-Cyber/YaraGuardian <YaraGuardian@noreply.github.com>
Cc: henimerze <henok.asfaw@live.com>, Mention <mention@noreply.github.com>
Subject: Re: [PUNCH-Cyber/YaraGuardian] Include yara testing (#33)

Ah okay, now I understand. Essentially you want a way to test rules for false positives when scanned against a "clean" folder / set of files and/or verify it has some detection capability against a "malicious" folder / set of files. That sounds like a pretty useful feature. Will add to enhancement path.
