Skip to content

CERT-Polska/karton-mwdb-reporter

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
3 branches 5 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github/workflows
CI: Upgrade Docker actions for release workflow (#38)
May 19, 2023 16:04
karton/mwdb_reporter
Remove outdated docstrings (#40)
November 9, 2023 12:43
.gitignore
Add an option to upload unrecognized files (#32)
April 27, 2023 12:26
Dockerfile
WIP: Prepare for karton5 migration (#21)
July 27, 2022 13:57
LICENSE
Update meta
December 22, 2020 10:58
README.md
Add an option to upload unrecognized files (#32)
April 27, 2023 12:26
pyproject.toml
Update meta
December 22, 2020 10:58
requirements.txt
Handle errors while uploading too large files (#27)
October 11, 2022 17:32
setup.cfg
Update meta
December 22, 2020 10:58
setup.py
Add a description (#9)
May 19, 2021 12:43
Reporter karton service Usage Configuration

README.md

Reporter karton service

Uploads samples and static configs to malwaredb

Author: CERT.pl

Maintainers: psrok1, nazywam

Consumes:

{
    "type": "sample",
    "stage": "recognized" || "analyzed" || "unrecognized"
},
{
    "type": "config"
},
{
    "type": "blob"
}

Produces:

(nothing)

Usage

First of all, make sure you have setup the core system: https://github.com/CERT-Polska/karton

Modify your karton.ini config to include information about your mwdb-core instance and reporter credentials:

[mwdb]
api_url = http://mwdb.my-awesome-org/api/
api_key = eyJhYWF....

Instead of providing api_key you can also use username/password but password-authenticated sessions are short-lived and service will need to re-auth from time to time.

Then install karton-mwdb-reporter from PyPi:

$ pip install karton-mwdb-reporter

$ karton-mwdb-reporter

Configuration

Using the --report-unrecognized flag you specify whether the reporter should upload files unrecognized by the classifier. You can also configure this using the built-in configuration backend by either adjusting it in the karton.ini

[mwdb-reporter]
report_unrecognized=true

or setting the environmental variable like so KARTON_MWDB-REPORTER_REPORT_UNRECOGNIZED=true.

To learn more about configuring your karton services, take a look at karton configuration docs

Co-financed by the Connecting Europe Facility by of the European Union

About

Karton service that uploads analyzed artifacts and metadata to MWDB Core

github.com/CERT-Polska/karton

Topics

pipeline cybersecurity cert csirt malware-analysis malware-research mwdb mwdb-core karton

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

2 stars

Watchers

5 watching

Forks

2 forks
Report repository

Releases 5

v1.3.0 Latest
Jun 19, 2023
+ 4 releases

Contributors 6

Languages