Open jbremer opened 7 years ago

This is a general question for our users: what do you want to be able to search in Cuckoo Web interface? We're currently rebuilding our search capabilities and fulfilling our users needs would be a great way to make search as useful as possible. Please leave us a note here or privately and we'll add it to the list of search possibilities. See also #1327 for the actual issue on the new searching. Keep in mind that we will be doing a combination of searching in MongoDB and (optionally) ElasticSearch, so some searches may be limited to users running ElasticSearch.

List of searchable indicators so far:

Process arguments params would be great too

Be able to search on All Strings from the memory

Search in buffers/arguments in behavior?

Searching for partial registry keys would be great, same with files/paths that have been accessed/deleted/dropped. These two types of searches would probably be restricted to ES though.

Most of the things in the static analysis as this is what I use to fingerprint malware families.

go more into behavioral indicators like

Thanks for the great work and sharing with the community!

Would be great to have the signed malware cert info in here too :) eg serial number and MD5 of the cert company etc

yara results,

define a closer search scope, e.g. find this string in the API call parameter FILE