Closed michaelweiser closed 3 years ago
Rebased #173 to current master. Planning to continue development into a job tracker similar to cuckoo.
Rebased and force-pushed to trigger a hopefully now succeeding CI run. Also fixed a typo and added some clarification to the last documentation commit. Otherwise no changes.
Introduce Cortextools
Adds first shot CAPEv2 sub analyser
Cortex from TheHive Project has the ability to connect many Analyzers. CuckooSandbox amongst them. Also VirusTotal, HybridAnalysis ...
Cortex is now a part of the toolbox and some analyzers can be used in expression rules.
CAPEv2 can now be used in expression rules:
    expression.0 : cortexreport.CAPEv2FileReport.malscore > 0 -> bad
For now this requires our own CAPEv2 Analyzer installed in Cortex.
For now only the floating-point value of malscore and the list of matched signatures are available.