airbnb / binaryalert

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.
https://binaryalert.io
Apache License 2.0

Add support for sending SNS alerts if no YARA rules matched #125

Closed goochi1 closed 5 years ago

goochi1 commented 6 years ago

to: @austinbyers cc: @airbnb/binaryalert-maintainers resolves: #104

Background

We want the option to send an SNS alert if the file does NOT match any YARA rules.

Changes

Added a new configuration flag, enable_safe_alerts, that directs the analyzer to send SNS messages for files which do not match YARA rules

Testing

Tested with and without safe enabled. Tested with safe and unsafe files.

Terraform Plan

After setting enable_safe_alerts = 1:

Terraform will perform the following actions:

 <= data.aws_iam_policy_document.binaryalert_analyzer_policy

  ~ aws_iam_role_policy.binaryalert_analyzer_policy

  + aws_sns_topic.safe_alerts
      id:                                                     <computed>
      arn:                                                    <computed>
      name:                                                   "PREFIX_binaryalert_safe_alerts"
      policy:                                                 <computed>
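
As an added illustration of the dispatch this flag gates (example code, not BinaryAlert's own analyzer): a file that matches a rule goes to the existing match topic, while a file that matches nothing goes to the new safe-alerts topic only when enable_safe_alerts is on. The topic ARNs, the ENABLE_SAFE_ALERTS environment variable, the message layout and the recording stub in place of boto3's sns.publish are all assumptions.

```python
import json
import os
from typing import Callable, Dict, List, Mapping, Optional

# Constructed sample topic ARNs, not the project's real names.
MATCH_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:PREFIX_binaryalert_yara_matches"
SAFE_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:PREFIX_binaryalert_safe_alerts"


def safe_alerts_enabled(env: Mapping[str, str] = os.environ) -> bool:
    """Read the flag as '1' or '0', mirroring enable_safe_alerts = 1 in the plan.
    The environment variable name is an assumption."""
    return env.get("ENABLE_SAFE_ALERTS", "0") == "1"


def dispatch_alert(s3_key: str, sha256: str, matched_rules: List[str],
                   publish: Callable[..., Dict], safe_enabled: bool) -> Optional[str]:
    """Pick the SNS topic (if any) for one analyzed file and publish to it.
    `publish` takes boto3's SNS publish keyword arguments, so a real
    boto3.client("sns").publish can be passed in production; demo() below
    passes a recording stub so this runs offline.
    Returns the topic ARN published to, or None when nothing was sent."""
    if matched_rules:
        topic, subject, verdict = MATCH_TOPIC_ARN, "BinaryAlert: YARA match", "MATCH"
    elif safe_enabled:
        # No match is not proof the file is benign, so the message says
        # "no match" rather than "safe" (the wording point raised in review).
        topic, subject, verdict = SAFE_TOPIC_ARN, "BinaryAlert: no YARA match", "NO_MATCH"
    else:
        return None
    message = {"S3Key": s3_key, "SHA256": sha256, "Verdict": verdict,
               "MatchedRules": sorted(matched_rules)}
    publish(TopicArn=topic, Message=json.dumps(message, indent=2), Subject=subject)
    return topic


def demo() -> List[Optional[str]]:
    """Three cases: a match, no match with the flag on, no match with it off."""
    sent: List[Dict] = []

    def record(**kwargs: object) -> Dict:  # stub standing in for sns.publish
        sent.append(kwargs)
        return {"MessageId": f"constructed-{len(sent)}"}

    results = [  # constructed file names, hashes and rule name
        dispatch_alert("inbox/a.exe", "a" * 64, ["sample_rule"], record, True),
        dispatch_alert("inbox/b.pdf", "b" * 64, [], record, True),
        dispatch_alert("inbox/c.pdf", "c" * 64, [], record, False),
    ]
    assert len(sent) == 2  # the third file produced no message
    return results
```
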

coveralls commented 6 years ago

Coverage Status

Coverage decreased (-0.4%) to 91.681% when pulling 1b5dd9a51d742647c7827bb85ed1a3626bb21bce on goochi1:master into b437ce57eb034769da73dfd5cd84794b1693adbc on airbnb:master.

goochi1 commented 6 years ago

@austinbyers ok, updates again :) Tested on safe and unsafe files, got SNS for both. Tested with enable safe at 1 and 0.

austinbyers commented 6 years ago

So is this a replacement for #118? If so, can you close the other PR?

I'll be out for a few weeks, but I'll be sure to look at it when I get back! Excited to see this move forward

goochi1 commented 6 years ago

@austinbyers all closed, let me know when you get back :) Thanks again

goochi1 commented 5 years ago

@austinbyers are you free to have another look?

austinbyers commented 5 years ago

Hi @goochi1! Yep, I'm still working on some architectural changes, but since you just rebased, I'll go ahead and take a look today

goochi1 commented 5 years ago

Please tell me you tested it haha


austinbyers commented 5 years ago

@goochi1 yes, I did! It works as expected

Before we release v1.2, I'll probably tweak the formatting and language a bit (it's a "negative" alert, not necessarily a "safe" alert). I'll also work on updating the documentation and testing even more rigorously

goochi1 commented 5 years ago

Of course!! Thanks for approving it!!! Really happy and glad it could help someone else. Also thanks for your support with it all :)
