Project author: CERT-Polska

Project description:
File and analysis artifacts YARA matcher for the Karton framework
Language: Python
Repository: git://github.com/CERT-Polska/karton-yaramatcher.git
Created: 2020-09-03T19:41:57Z
Project community: https://github.com/CERT-Polska/karton-yaramatcher

License: BSD 3-Clause "New" or "Revised" License

YaraMatcher karton service

Scans analyses and samples with YARA rules and spawns tasks with the appropriate tags.

Author: CERT.pl

Maintainers: nazywam

Consumes:

  [
    {
      "type": "sample",
      "stage": "recognized",
      "kind": "runnable"
    },
    {
      "type": "sample",
      "stage": "recognized",
      "kind": "dump"
    },
    {
      "type": "analysis",
      "kind": "cuckoo1"
    },
    {
      "type": "analysis",
      "kind": "drakrun"
    },
    {
      "type": "analysis",
      "kind": "joesandbox"
    }
  ]

Produces:

  {
    "type": "sample",
    "stage": "analyzed"
  }
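The two header lists above are the service's routing contract: a task is delivered to the matcher only if at least one entry under "Consumes" is satisfied by the task's headers, and every result it emits carries the "Produces" headers. The following is an added example (not code from karton-yaramatcher or the Karton framework) that re-implements that selection logic in plain Python over the filters copied from this README. The subset-match rule (a filter matches when every one of its key/value pairs equals the task's headers, extra headers ignored) is my reading of Karton's filter semantics, and the way result tags are derived from matched rule names in `make_result_headers` is an assumption, not documented on this page.

```python
"""Illustrative Karton-style task routing for the YaraMatcher filters.

Added example, not the project's own code. Assumptions are marked below.
"""
from typing import Any, Dict, List, Optional

# Filters copied verbatim from the "Consumes" section of the README.
YARAMATCHER_FILTERS: List[Dict[str, str]] = [
    {"type": "sample", "stage": "recognized", "kind": "runnable"},
    {"type": "sample", "stage": "recognized", "kind": "dump"},
    {"type": "analysis", "kind": "cuckoo1"},
    {"type": "analysis", "kind": "drakrun"},
    {"type": "analysis", "kind": "joesandbox"},
]

# Headers copied from the "Produces" section of the README.
RESULT_HEADERS: Dict[str, str] = {"type": "sample", "stage": "analyzed"}


def matching_filter(
    headers: Dict[str, Any], filters: List[Dict[str, str]]
) -> Optional[Dict[str, str]]:
    """Return the first filter satisfied by the task headers, or None.

    Assumed matching rule: a filter matches when every key/value pair in
    the filter equals the corresponding task header; headers that the
    filter does not mention are ignored.
    """
    for flt in filters:
        if all(headers.get(key) == value for key, value in flt.items()):
            return flt
    return None


def make_result_headers(matched_rules: List[str]) -> Dict[str, Any]:
    """Build headers for the task spawned after a scan.

    The tag format (rule names, de-duplicated and sorted) is an assumption
    for illustration; the README only says tasks carry appropriate tags.
    """
    return {**RESULT_HEADERS, "tags": sorted(set(matched_rules))}


def route(headers: Dict[str, Any]) -> bool:
    """True if the YaraMatcher service would receive this task."""
    return matching_filter(headers, YARAMATCHER_FILTERS) is not None


if __name__ == "__main__":
    # Constructed sample tasks, not real Karton traffic.
    samples = [
        {"type": "sample", "stage": "recognized", "kind": "runnable",
         "platform": "win32"},                      # extra header, still matches
        {"type": "sample", "stage": "recognized", "kind": "archive"},  # unhandled kind
        {"type": "analysis", "kind": "drakrun"},
        {"type": "analysis", "kind": "unknown-sandbox"},
    ]
    for task in samples:
        print(task, "->", "accepted" if route(task) else "ignored")

    # A result task does not match the consume filters (stage differs),
    # so the service cannot re-consume its own output in a loop.
    result = make_result_headers(["win_malware_family", "win_malware_family"])
    print("result", result, "-> re-consumed:", route(result))
```

A practical check this exposes: the produced task ("stage": "analyzed") never satisfies a "stage": "recognized" filter, so the matcher does not feed itself. If you extend the consume list, re-run this comparison to make sure no new filter accidentally matches the service's own output.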

Usage

First of all, make sure you have set up the core system: https://github.com/CERT-Polska/karton

Then install karton-yaramatcher from PyPI:

  $ pip install karton-yaramatcher

And run the karton service by pointing it to your YARA rules repository:

  $ karton-yaramatcher --rules yara_rule_directory

Co-financed by the Connecting Europe Facility of the European Union