We want the ability to run code (@import-pandas-as-numpy is calling them 'modules') in response to a package being reported.
Requirements:
Should not run as part of existing services (any issues with modules shouldn't impact existing Dragonfly services)
Also means that it should be outside Dragonfly's review + release cycle like the Yara rules
These modules will have the package being reported as an input (the actual format of this input is not specified).
The modules will produce some arbitrary output, such as posting to a webhook or writing to a database.
The modules will be written in Python.
An idea: use a message queue and Pub/Sub and make reporter one of these modules. Other modules would simply Sub to the Pub in order to register themselves.
We want the ability to run code (@import-pandas-as-numpy is calling them 'modules') in response to a package being reported. Requirements:
An idea: use a message queue and Pub/Sub and make reporter one of these modules. Other modules would simply Sub to the Pub in order to register themselves.