Closed frennkie closed 4 years ago
@Rafiot Travis appears to have some issues... the current default testing VM still seems to be Ubuntu 14.04. As support for Trusty is ending really soon, I changed the dist to Xenial (16.04). This also required a change in the socksipy package name.
For the last run Travis succeeded 2 of 4, and the two failures were not related to our code... :-/
I restarted the runs on travis, it happens once in a while.
I'm a bit confused by the prints related to MISP: shouldn't it be using PyMISP directly instead?
Merging #729 into master will decrease coverage by 1.24%. The diff coverage is 17.05%.
@@ Coverage Diff @@
## master #729 +/- ##
==========================================
- Coverage 40.46% 39.21% -1.25%
==========================================
Files 129 136 +7
Lines 12737 13459 +722
==========================================
+ Hits 5154 5278 +124
- Misses 7583 8181 +598
Impacted Files | Coverage Δ |
---|---|
viper/modules/office.py | 54.72% <0%> (ø) |
viper/web/viperweb/views.py | 19.45% <0%> (ø) |
viper/modules/fireeye_methods/__init__.py | 100% <100%> (ø) |
viper/core/session.py | 75.29% <100%> (+0.29%) |
viper/modules/fireeye_methods/fe_wrapper.py | 15.11% <15.11%> (ø) |
viper/modules/fireeye_methods/fe_auth.py | 17.64% <17.64%> (ø) |
viper/modules/fireeye_methods/fe_alerts.py | 23.4% <23.4%> (ø) |
viper/modules/fireeye.py | 42.85% <42.85%> (ø) |
...iper/modules/fireeye_methods/fe_malware_objects.py | 8.72% <8.72%> (ø) |
viper/modules/fireeye_methods/fe_artifacts.py | 9.35% <9.35%> (ø) |
... and 7 more | |
Continue to review the full report at Codecov.
Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 045e095...c32fcff.
I wasn't sure how to best handle this... Currently this extracts relevant data from the result of the sandbox analysis... The Analyst should then use this to create (and maybe further enrich) the actual MISP event...
@frennkie Can you provide a rundown of the functionality this introduces? And what is the general purpose of this?
@nex sure, will do... Is there a dedicated place to document individual modules (except for `--help`)?
Not really, but I think if you summarize that here for us it would be good already.
@frennkie right, makes sense. I don't have a FireEye account, so I cannot look at the output in detail, but it probably makes sense to create full-blown events, or at least objects, from the output. I did something like that a while ago in the VT module: https://github.com/viper-framework/viper/blob/master/viper/modules/virustotal.py#L97
Closing this PR as modules are moved to https://github.com/viper-framework/viper-modules.
A colleague of mine implemented a module for the integration of Viper with the FireEye Sandbox and we want to share this.
I'm not yet entirely sure about the MISP part.. maybe @Rafiot could provide some guidance? :-D
Code also still needs a bit of polishing - therefore tagged as Work-In-Progress.