Closed DZKeeper closed 7 years ago
This is actually the expected behavior. By default, the bamfdetect module only acts on "unpacked_executables".
You have two options:
Yes, you were right. The second worked. However, when I submit a sample, it doesn't seem to trigger all the modules, at least that is what I expect from "Just Do Your Magic".
Btw, I'm impressed so far with the product, great work.
The rules are a little bit more complicated: "Just Do Your Magic" will execute all modules that can act on this file type and do not have any triggers defined.
From what I see from your first output, you only had the bamfdetect module enabled, which could explain what you see here.
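To make the two rules in this thread concrete (a target module such as bamfdetect needs an execution path from the submitted file type to a type it acts on, and "Just Do Your Magic" runs only enabled, trigger-less modules that act on the file type), here is an added, simplified model written for this thread; it is not FAME's own code. The `generates` attribute and every module name other than bamfdetect and Yeti are hypothetical.

```python
from collections import deque

# Constructed, simplified model of FAME's dispatch (assumption: the real
# implementation differs). Each module declares the file types it acts on,
# the types it may produce (hypothetical "generates" attribute, used for
# path finding), whether it is enabled, and whether it has triggers.
MODULES = {
    "bamfdetect": {"enabled": True, "acts_on": {"unpacked_executables"},
                   "generates": set(), "triggers": False},
    "unpacker":   {"enabled": False, "acts_on": {"executable"},   # hypothetical
                   "generates": {"unpacked_executables"}, "triggers": False},
    "pdf":        {"enabled": False, "acts_on": {"pdf"},
                   "generates": set(), "triggers": False},
    "Yeti":       {"enabled": False, "acts_on": {"*"},
                   "generates": set(), "triggers": True},
}

def magic_modules(file_type, modules=MODULES):
    """'Just Do Your Magic': every enabled module that can act on this
    file type and has no triggers defined."""
    return sorted(name for name, m in modules.items()
                  if m["enabled"] and not m["triggers"]
                  and (file_type in m["acts_on"] or "*" in m["acts_on"]))

def execution_path(file_type, target, modules=MODULES):
    """Breadth-first search for a chain of enabled modules turning the
    submitted file type into one the target acts on. Returns the module
    names in order, or None when no chain exists (the "Could not find
    execution path to target" case reported in this issue)."""
    if target not in modules or not modules[target]["enabled"]:
        return None
    queue = deque([(file_type, [])])
    seen = {file_type}
    while queue:
        current, path = queue.popleft()
        if current in modules[target]["acts_on"]:
            return path + [target]
        for name, m in modules.items():
            if not m["enabled"] or name == target or current not in m["acts_on"]:
                continue
            for produced in m["generates"]:
                if produced not in seen:
                    seen.add(produced)
                    queue.append((produced, path + [name]))
    return None
```

With only bamfdetect enabled, a plain `executable` has no path to `unpacked_executables`, which is exactly the error shown in the logs; enabling the (hypothetical) unpacker makes the chain exist.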
More of a question, but I don't seem to get any results from the Yeti/Fame integration.
First, I guess the endpoint for Yeti would be something like http://192.168.0.34/api if my instance was on that IP?
I too am having issues with the API integration, is there a way to verify the connectivity between the two products?
Your endpoint should be http://192.168.0.34/api/. I think the last / is required at the moment.
Any error with the integration should appear in the analysis logs, if the module is enabled. If you want to test the integration, you can add some of your analysis observables to your Yeti instance and rerun the analysis. The tags should appear on the new analysis.
I'm closing this issue since it was not related, please do not hesitate to open a new issue for problems related to Yeti integration.
Description
I get the following error message when trying to execute an analysis by selecting Bamfdetect:
2017-04-01 08:42: error: Could not find execution path to target bamfdetect
Steps to Reproduce
Submit a sample file, select bamfdetect as the analyser and click submit.
Expected behavior
Give a result, not an error, in the logs section.
Actual behavior
Log section of the analysis shows:
2017-04-01 08:48: error: Could not find execution path to target bamfdetect
Debug
fame@ubuntu:~/fame$ utils/run.sh utils/troubleshoot.py
[+] Using existing virtualenv.
########## VERSION ##########
OS: Linux-4.4.0-62-generic-x86_64-with-Ubuntu-16.04-xenial
Python: 2.7.12
########## DEPENDENCIES ###########
alabaster==0.7.10
amqp==2.1.4
appdirs==1.4.3
Babel==2.4.0
billiard==3.5.0.2
celery==4.0.2
click==6.7
docutils==0.13.1
Flask==0.12.1
Flask-Classy==0.6.10
Flask-Login==0.3.2
Flask-Negotiation==0.1.9
flask-paginate==0.4.5
gitdb2==2.0.0
GitPython==2.1.3
imagesize==0.7.1
itsdangerous==0.24
Jinja2==2.9.5
kombu==4.0.2
markdown2==2.3.3
MarkupSafe==1.0
packaging==16.8
Pygments==2.2.0
pymongo==3.4.0
pyparsing==2.2.0
python-magic==0.4.13
pytz==2017.2
requests==2.13.0
six==1.10.0
smmap2==2.0.1
snowballstemmer==1.2.1
Sphinx==1.5.3
sphinx-rtd-theme==0.2.4
sphinxcontrib-httpdomain==1.5.0
vine==1.1.3
Werkzeug==0.12.1
zxcvbn==1.0
########## MongoDB ##########
Version: 3.4.3
Authorization check: True
########## Configuration ##########
types: True
virustotal: False
email: False
malware_config: False
volatility: True
Modules:
McAfee Antivirus      Antivirus            Disabled   Configured
Sophos Antivirus      Antivirus            Disabled   Configured
Symantec Antivirus    Antivirus            Disabled   Not Configured
apk                   Processing           Disabled   Configured
apk_verification      Processing           Disabled   Not Configured
bamfdetect            Processing           Enabled    Configured
cuckoo_modified       Processing           Disabled   Configured
eml                   Processing           Disabled   Configured
joe                   Processing           Disabled   Not Configured
marcher_config        Processing           Disabled   Configured
mem_yara              Processing           Disabled   Not Configured
office_macros         Processing           Disabled   Configured
pdf                   Processing           Disabled   Configured
url_download          Processing           Disabled   Configured
zip                   Processing           Disabled   Configured
slack                 Reporting            Disabled   Not Configured
Yeti                  Threat Intelligence  Disabled   Not Configured