cuckoosandbox / community

Repository of modules and signatures contributed by the community

Check Pre-Execution of Submit.py #286

Open scottbrumley opened 7 years ago

scottbrumley commented 7 years ago

Does Cuckoo have a way to run a check before it runs? I have a URL that will return file reputation and I would like cuckoo to stand down if the reputation is known good. I was looking for a configuration option prior to building a wrapper or modifying code.

doomedraven commented 7 years ago

Nope, you should do that before sending to Cuckoo

scottbrumley commented 7 years ago

Ok thanks

Sincerely, Scott Brumley - mobile Network Strategies, Inc

On Mar 16, 2017, at 4:43 PM, doomedraven wrote:

Nope, you should do that before sending to Cuckoo


doomedraven commented 7 years ago

if solved, close it ;)

jbremer commented 7 years ago

@scottbrumley as @doomedraven said Cuckoo currently doesn't do this, however, depending on the service that you mentioned it might be interesting to add, I think. As in, if this is a well-known public service, it may be useful to integrate in Cuckoo. If it's a private or in-house thing, then I redirect you to @doomedraven's solution, i.e., perform selection before submitting to Cuckoo. And no, a list such as NIST known executables (or whatever it's called), probably wouldn't qualify here (provided that almost nobody will ever submit such a sample).

scottbrumley commented 7 years ago

I work for McAfee and we have a framework called OpenDXL which will allow you to pull the reputations from our Threat Intelligence Exchange. I chose to build a web API that can return those results. So it would be nice if there was like a pre-execute module that could check the reputation and stand down if it's known good.

Sincerely, Scott Brumley - mobile Network Strategies, Inc

On Mar 16, 2017, at 5:38 PM, Jurriaan Bremer wrote:

@scottbrumley as @doomedraven said Cuckoo currently doesn't do this, however, depending on the service that you mentioned it might be interesting to add, I think. As in, if this is a well-known public service, it may be useful to integrate in Cuckoo. If it's a private or in-house thing, then I redirect you to @doomedraven's solution, i.e., perform selection before submitting to Cuckoo. And no, a list such as NIST known executables (or whatever it's called), probably wouldn't qualify here (provided that almost nobody will ever submit such a sample).

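The approach suggested in this thread (look up the file's reputation first and submit to Cuckoo only when it is not known good), as an added example that is not code from Cuckoo or from any participant. The reputation URL and its JSON response shape are hypothetical, and the default submit step assumes the `cuckoo submit` command is on PATH; a failed or inconclusive lookup falls through to submission so an outage of the reputation service never suppresses analysis.

```python
import hashlib
import json
import subprocess
import urllib.request

# Hypothetical in-house reputation endpoint: GET <url><sha256> is assumed
# to return JSON such as {"reputation": "known_good"}.
REPUTATION_URL = "https://reputation.example.internal/lookup/"


def sha256_of(path):
    """Hash the sample in chunks so large files are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def http_lookup(digest):
    """Query the (hypothetical) reputation API for one SHA-256 digest."""
    with urllib.request.urlopen(REPUTATION_URL + digest, timeout=5) as resp:
        return json.load(resp).get("reputation")


def cuckoo_submit(path):
    """Hand the sample to Cuckoo via its command-line submit utility."""
    subprocess.run(["cuckoo", "submit", path], check=True)


def should_submit(digest, lookup=http_lookup):
    """Stand down only on an explicit known-good verdict.

    Errors, timeouts, missing fields and unknown verdicts all mean
    "analyze it": the gate fails open toward the sandbox.
    """
    try:
        verdict = lookup(digest)
    except Exception:
        return True
    return verdict != "known_good"


def gate(path, lookup=http_lookup, submit=cuckoo_submit):
    """Pre-submission check: returns "submitted" or "skipped"."""
    if should_submit(sha256_of(path), lookup):
        submit(path)
        return "submitted"
    return "skipped"
```

The `lookup` and `submit` parameters are injectable so the gate can be exercised without a live reputation service or Cuckoo install.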