BinaryAlert is a serverless, real-time framework for detecting malicious files. BinaryAlert can efficiently analyze millions of files a day with a configurable set of YARA rules and will trigger an alert as soon as anything malicious is discovered! Organizations can deploy BinaryAlert to their AWS account in a matter of minutes, allowing them to analyze internal files and documents within the confines of their own environment.

- Built with Amazon Web Services (AWS): An AWS account is all you need to deploy BinaryAlert.
- Broad YARA support: BinaryAlert includes dozens of YARA rules out-of-the-box and makes it easy to add your own rules or clone them from other repositories.
- Real-Time: Files uploaded to the BinaryAlert S3 bucket are immediately queued for analysis.
- Serverless: All computation is handled by Lambda functions. No servers to manage means stronger security and automatic scaling!
- Infrastructure-As-Code: The entire infrastructure is described with Terraform configuration files, enabling anyone to deploy BinaryAlert in a matter of minutes with a single command.
- Retroactive Analysis: After updating the YARA ruleset, BinaryAlert can retroactively scan the entire file corpus to find any new matches.
- Production-Ready: BinaryAlert ships with a custom metric dashboard and alarms which automatically trigger on error conditions.
- Low Cost: The AWS bill is based only on how many files you upload and how often they are re-analyzed.

Table of Contents
=================

.. toctree::
   :maxdepth: 3

   getting-started
   iam-group
   architecture
   adding-yara-rules
   deploying
   analyzing-files
   yara-matches
   metrics-and-monitoring
   troubleshooting-faq
   credits