atc-project / atc-react

A knowledge base of actionable Incident Response techniques
Apache License 2.0
606 stars 113 forks

Response Action for generic submission of files to sandbox #357

Open oi-m8 opened 3 years ago

oi-m8 commented 3 years ago

Many organisations tend to have an on-prem or online service that provides a sandbox for detonation of potentially malicious files. Would it be a good idea to have an RA for a generic submission of a file to a service like this?

yugoslavskiy commented 3 years ago

Hello @oi-m8! Thank you very much for your contribution! I am sorry for the delayed response. We had a discussion on a similar proposal here:

Response actions should be more generic (tool agnostic).

At the moment there are multiple RAs for file analysis (RA2313: Analyse Windows PE, RA2315: Analyse Unix ELF, etc.). Sandbox, RE, strings, etc. — these are all methods of file analysis, and could be a part of future sub-actions.

I will close the PR, but let's keep the issue open and get back to it as soon as we move to sub-actions.

Thank you once again 🙏
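To make the "generic, tool-agnostic submission" idea from the two comments above concrete, here is an added example (not atc-react's own code, and not attached to any RA identifier): the submission step is written against a minimal `Sandbox` interface so that the same Response Action logic works for any on-prem or online detonation service. The `Sandbox` protocol, the `InMemorySandbox` stand-in, the 32 MiB size limit and the sample bytes are all assumptions made for the illustration; a real backend would implement the two methods on top of the vendor's API.

```python
"""Tool-agnostic sandbox submission step (added example, not part of atc-react)."""
import hashlib
from dataclasses import dataclass
from typing import Optional, Protocol

# Assumed upper bound on sample size; most sandboxes reject large uploads.
MAX_SIZE = 32 * 1024 * 1024


@dataclass
class SubmissionResult:
    """What the IR record keeps regardless of which sandbox was used."""
    sha256: str                  # always computed, even when nothing is uploaded
    status: str                  # "submitted", "cached" or "rejected"
    task_id: Optional[str] = None
    reason: Optional[str] = None


class Sandbox(Protocol):
    """Hypothetical minimal interface every concrete backend must provide."""

    def find_report(self, sha256: str) -> Optional[str]:
        """Return an existing task/report id for this hash, or None."""
        ...

    def submit(self, filename: str, data: bytes) -> str:
        """Upload the sample and return the new task id."""
        ...


class InMemorySandbox:
    """Constructed stand-in for a real service so the example runs offline."""

    def __init__(self) -> None:
        self.tasks: dict[str, tuple[str, bytes]] = {}
        self.reports: dict[str, str] = {}

    def find_report(self, sha256: str) -> Optional[str]:
        return self.reports.get(sha256)

    def submit(self, filename: str, data: bytes) -> str:
        task_id = f"task-{len(self.tasks) + 1}"
        self.tasks[task_id] = (filename, data)
        self.reports[hashlib.sha256(data).hexdigest()] = task_id
        return task_id


def safe_name(path: str) -> str:
    """Keep only the base name so local directory structure is not sent along."""
    return path.replace("\\", "/").rsplit("/", 1)[-1] or "sample.bin"


def submit_sample(sandbox: Sandbox, path: str, data: bytes,
                  max_size: int = MAX_SIZE) -> SubmissionResult:
    """Generic RA step: hash, check for an existing report, then submit.

    The hash is recorded first so the case file has an identifier even if the
    upload is refused; an existing report is reused rather than re-detonated.
    """
    digest = hashlib.sha256(data).hexdigest()
    if not data or len(data) > max_size:
        return SubmissionResult(digest, "rejected", reason="size")
    existing = sandbox.find_report(digest)
    if existing is not None:
        return SubmissionResult(digest, "cached", task_id=existing)
    task_id = sandbox.submit(safe_name(path), data)
    return SubmissionResult(digest, "submitted", task_id=task_id)


if __name__ == "__main__":
    sb = InMemorySandbox()
    sample = b"MZ\x90\x00" + b"\x00" * 60  # constructed PE-like stub, not real malware
    print(submit_sample(sb, r"C:\Users\alice\Downloads\invoice.exe", sample))
    print(submit_sample(sb, "invoice.exe", sample))   # second call hits the cache
    print(submit_sample(sb, "empty.bin", b""))        # rejected, hash still recorded
```

Swapping the backend is the only change needed per organisation: the RA text stays the same, and the analyst always gets back a hash plus a task id (or a reason why nothing was submitted) to paste into the incident record.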