Skip to content

CERT-Polska/karton-yaramatcher

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
2 branches 5 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github/workflows
 
 
karton/yaramatcher
 
 
tests
 
 
.dockerignore
 
 
.gitignore
 
 
Dockerfile
 
 
LICENSE
 
 
README.md
 
 
pyproject.toml
 
 
requirements.txt
 
 
setup.cfg
 
 
setup.py
 
 
YaraMatcher karton service Usage

README.md

YaraMatcher karton service

Scans analyses and samples with yara rules and spawns tasks with appropiate tags.

Author: CERT.pl

Maintainers: nazywam

Consumes:

{
    "type": "sample",
    "stage": "recognized",
    "kind": "runnable"
}, {
    "type": "sample",
    "stage": "recognized",
    "kind": "dump"
}, {
    "type": "analysis",
    "kind": "cuckoo1"
}, {
    "type": "analysis",
    "kind": "drakrun"
}, {
    "type": "analysis",
    "kind": "joesandbox"
}

Produces:

{
    "type": "sample",
    "stage": "analyzed"
}

Usage

First of all, make sure you have setup the core system: https://github.com/CERT-Polska/karton

Then install karton-yaramatcher from PyPi:

$ pip install karton-yaramatcher

And run the karton service by pointing it to your YARA rules repository:

$ karton-yaramatcher --rules yara_rule_directory

Co-financed by the Connecting Europe Facility by of the European Union

About

File and analysis artifacts yara matcher for Karton framework

github.com/CERT-Polska/karton

Topics

pipeline cybersecurity cert csirt malware-analysis malware-research yara karton

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

5 stars

Watchers

6 watching

Forks

9 forks
Report repository

Releases 5

v1.3.0 Latest
Jul 27, 2023
+ 4 releases

Contributors 7

Languages