Giters

jconnor0426 / karton-yaramatcher

File and analysis artifacts yara matcher for Karton framework

Home Page:https://github.com/CERT-Polska/karton

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

YaraMatcher karton service

Scans analyses and samples with yara rules and spawns tasks with appropiate tags.

Author: CERT.pl

Maintainers: msm, nazywam

Consumes:

{
    "type": "sample",
    "stage": "recognized",
    "kind": "runnable"
}, {
    "type": "sample",
    "stage": "recognized",
    "kind": "dump"
}, {
    "type": "analysis",
    "kind": "cuckoo1"
}, {
    "type": "analysis",
    "kind": "drakrun"
}, {
    "type": "analysis",
    "kind": "joesandbox"
}

Produces:

{
    "type": "sample",
    "stage": "analyzed"
}

Usage

First of all, make sure you have setup the core system: https://github.com/CERT-Polska/karton

Then install karton-yaramatcher from PyPi:

$ pip install karton-yaramatcher

And run the karton service by pointing it to your YARA rules repository:

$ karton-yaramatcher --rules yara_rule_directory

Co-financed by the Connecting Europe Facility by of the European Union

About

File and analysis artifacts yara matcher for Karton framework

https://github.com/CERT-Polska/karton

License:BSD 3-Clause "New" or "Revised" License

Languages

Language:Python 96.9%Language:Dockerfile 3.1%