scVENUS / PeekabooAV

Peekaboo Extended Email Attachment Behavior Observation Owl
https://peekabooav.de
GNU General Public License v3.0

Toolbox: Cortextools Analyser #175

Closed michaelweiser closed 3 years ago

michaelweiser commented 4 years ago

Introduce Cortextools
Adds first shot CAPEv2 sub analyser

Cortex from the theHive Project has the ability to connect many analyzers, CuckooSandbox amongst them, also VirusTotal, HybridAnalysis ...

Cortex is now a part of the toolbox and some analyzers can be used in expression rules.

CAPEv2 can now be used in expression rules: expression.0 : cortexreport.CAPEv2FileReport.malscore > 0 -> bad

For now this requires our own CAPEv2 Analyzer installed in Cortex.

For now only the floating-point value of malscore and the list of matched signatures are available.
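The rule quoted above compares a field of the Cortex report (cortexreport.CAPEv2FileReport.malscore) against a constant and maps a match to a verdict. The following is an added example, not Peekaboo's own rule engine and not a reproduction of its expression grammar: it resolves dotted field names against a constructed Cortex-style report (only the field names malscore and signatures come from the PR; the surrounding layout is an assumption) and evaluates a "CONDITION -> RESULT" rule by walking the parsed AST with a whitelist of comparison and boolean operators, so that a rule file can never reach eval() or call arbitrary code.

```python
import ast
import operator
from typing import Any, Dict, Optional

# Constructed sample of a Cortex job report carrying CAPEv2 results.
# malscore and signatures are the two fields the PR exposes; the nesting
# around them is an assumption made for this example, not a real schema.
SAMPLE_REPORT: Dict[str, Any] = {
    "cortexreport": {
        "CAPEv2FileReport": {
            "malscore": 6.4,
            "signatures": ["antidebug_guardpages", "persistence_autorun"],
        }
    }
}

# The only operators a rule condition may use.
_CMP_OPS = {
    ast.Gt: operator.gt,
    ast.GtE: operator.ge,
    ast.Lt: operator.lt,
    ast.LtE: operator.le,
    ast.Eq: operator.eq,
    ast.NotEq: operator.ne,
    ast.In: lambda a, b: a in b,
    ast.NotIn: lambda a, b: a not in b,
}


def _resolve(name: str, report: Dict[str, Any]) -> Any:
    """Resolve a dotted path such as cortexreport.CAPEv2FileReport.malscore.

    A field the analyzer did not deliver raises KeyError so a rule that
    references an unavailable value fails loudly instead of silently
    evaluating to 'no match'.
    """
    value: Any = report
    for part in name.split("."):
        if not isinstance(value, dict) or part not in value:
            raise KeyError(name)
        value = value[part]
    return value


def _eval(node: ast.AST, report: Dict[str, Any]) -> Any:
    """Evaluate a restricted expression tree against the report."""
    if isinstance(node, ast.Expression):
        return _eval(node.body, report)
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, (ast.Name, ast.Attribute)):
        # Names and attribute chains are report lookups, never Python objects.
        return _resolve(ast.unparse(node), report)
    if isinstance(node, ast.List):
        return [_eval(e, report) for e in node.elts]
    if isinstance(node, ast.BoolOp):
        values = [_eval(v, report) for v in node.values]
        return all(values) if isinstance(node.op, ast.And) else any(values)
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _eval(node.operand, report)
    if isinstance(node, ast.Compare) and len(node.ops) == 1:
        op = _CMP_OPS.get(type(node.ops[0]))
        if op is None:
            raise ValueError("operator not allowed")
        return op(_eval(node.left, report), _eval(node.comparators[0], report))
    # Calls, subscripts, arithmetic, comprehensions etc. are rejected rather
    # than handed to eval(), so the rule file cannot execute arbitrary code.
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


def evaluate_rule(rule: str, report: Dict[str, Any]) -> Optional[str]:
    """Evaluate 'CONDITION -> RESULT'; return RESULT if the condition holds."""
    condition, _, result = rule.partition("->")
    tree = ast.parse(condition.strip(), mode="eval")
    return result.strip() if _eval(tree, report) else None


if __name__ == "__main__":
    rule = "cortexreport.CAPEv2FileReport.malscore > 0 -> bad"
    print(rule, "=>", evaluate_rule(rule, SAMPLE_REPORT))
```

Because the condition is parsed with ast.parse in "eval" mode and only whitelisted node types are interpreted, a rule such as `__import__('os').system('id') > 0 -> bad` is refused with a ValueError instead of being executed; the same walker also lets a rule test membership in the signatures list (`'persistence_autorun' in cortexreport.CAPEv2FileReport.signatures -> bad`) without any further code.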

michaelweiser commented 4 years ago

Rebased #173 to current master. Planning to continue development into a job tracker similar to cuckoo.

michaelweiser commented 3 years ago

Rebased and force-pushed to trigger hopefully now succeeding CI run. Also fixed a typo and added some clarification to the last documentation commit. Otherwise no changes.