scVENUS / PeekabooAV

Peekaboo Extended Email Attachment Behavior Observation Owl
https://peekabooav.de
GNU General Public License v3.0

cortex: Improvements on available analysers and attributes #188

Closed Jack28 closed 3 years ago

Jack28 commented 3 years ago

The CortexAnalyser, or more precisely every CortexAnalyser, can now access Cortex domain, hash, and ip artifacts from within the Generic rules.

FileInfoAnalyzerReport has new attributes md5sum, sha256sum, and ssdeepsum (now don't get too excited, ssdeep hashes can only be used as strings).

Jack28 commented 3 years ago

The changes we discussed are implemented. In a nutshell: better input validation with a new dependency schema.

Please have another quick look; we talk tomorrow. So far I have only tested briefly with Cortex.

Jack28 commented 3 years ago

Thank you for the additional input. I leave it until #189 is merged, rebase, and we double check and merge.