Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove redundant README information and link to documentation
Austin Byers committed Sep 18, 2017
1 parent 36505e5, commit 7c3eb27
Showing 8 changed files with 90 additions and 227 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
BinaryAlert: Serverless, Real-Time & Retroactive Malware Detection | ||
================================================================== | ||
.. image:: https://travis-ci.org/airbnb/binaryalert.svg?branch=master | ||
:target: https://travis-ci.org/airbnb/binaryalert | ||
:alt: Build Status | ||
|
||
.. image:: https://coveralls.io/repos/github/airbnb/binaryalert/badge.svg?branch=master | ||
:target: https://coveralls.io/github/airbnb/binaryalert?branch=master | ||
:alt: Coverage Status | ||
|
||
.. image:: https://readthedocs.org/projects/binaryalert/badge/?version=latest | ||
:target: http://www.binaryalert.io/?badge=latest | ||
:alt: Documentation Status | ||
|
||
| | ||
.. image:: docs/images/logo.png | ||
:align: center | ||
:scale: 75% | ||
:alt: BinaryAlert Logo | ||
|
||
BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is | ||
immediately scanned with a configurable set of `YARA <https://virustotal.github.io/yara/>`_ rules. | ||
An alert will fire as soon as any match is found, giving an incident response team the ability to | ||
quickly contain the threat before it spreads. | ||
|
||
Read the documentation at `binaryalert.io <https://binaryalert.io>`_! | ||
|
||
|
||
Links | ||
----- | ||
|
||
- `Announcement Post <https://medium.com/airbnb-engineering/binaryalert-real-time-serverless-malware-detection-ca44370c1b90>`_ | ||
- `Documentation <https://binaryalert.io>`_ | ||
- `Twitter <https://twitter.com/binaryalert_io>`_ (unofficial) | ||
- `Slack <https://binaryalert.herokuapp.com>`_ (unofficial) |
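Review bot: The Documentation badge `:target:` near the top of this hunk points at `http://www.binaryalert.io/?badge=latest`, while every other documentation link in the file (`Read the documentation at binaryalert.io` and the `Documentation` entry under Links) uses `https://binaryalert.io`; use the https URL for the badge too so the link is not served over plain HTTP and the two hostnames do not drift apart. Minor: the `Twitter` and `Slack` entries are labelled `(unofficial)` but nothing says who runs them; one short clause on who maintains those channels would let readers judge how much to trust announcements posted there.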
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
YARA Analyzer | ||
============= | ||
This Lambda function is the core of BinaryAlert. Each invocation downloads one or more binaries from | ||
S3, scans them against all available YARA rules, and forwards any matches to Dynamo and SNS. | ||
|
||
|
||
Updating YARA-Python | ||
-------------------- | ||
The `yara-python <https://github.com/VirusTotal/yara-python>`_ library is natively compiled. | ||
It must therefore be pre-built on an Amazon Linux AMI in order to run in Lambda. | ||
This has already been done for you: ``yara_python_3.6.3.zip`` contains the | ||
pre-built ``yara_python`` library (v3.6.3) for the Lambda environment and is automatically bundled | ||
on every deploy. | ||
|
||
If, however, you need to update or re-create the zipfile, SSH to an EC2 instance running the | ||
`AWS Lambda AMI <http://docs.aws.amazon.com/lambda/latest/dg/current-supported-versions.html>`_ | ||
and install ``yara-python``: | ||
|
||
.. code-block:: bash | ||
$ sudo su | ||
# yum update | ||
# yum install gcc openssl-devel.x86_64 python35-devel.x86_64 python35-pip.noarch | ||
# python3 | ||
>>> import pip | ||
>>> pip.main(['install', '--upgrade', 'pip']) | ||
>>> exit() | ||
# python3 | ||
>>> import pip | ||
>>> pip.main(['install', 'yara-python', '--target', '.']) | ||
>>> exit() | ||
# mv yara.cpython-35m-x86_64-linux-gnu.so yara.so | ||
# cp /usr/lib64/libpython3.5m.so.1.0 . | ||
# zip -r yara_python_VERSION.zip * | ||
Then replace ``yara_python_3.6.3.zip`` in the repo. | ||
|
||
Some notes: | ||
|
||
- Python3.6 is not currently available in the public Lambda AMI. You can either manually install Python3.6 from source or (what's done here) include the required Python3.5 bytecode in the zipfile. | ||
- The openssl development libraries are required to support the "hash" module. |
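Review bot: The rebuild recipe is not pinned: `pip.main(['install', 'yara-python', '--target', '.'])` installs whichever yara-python release is current, yet the paragraph above describes the bundled artifact as `yara_python_3.6.3.zip` (v3.6.3) and the closing step says to replace that same file. Pin the release (`yara-python==3.6.3`, or whatever version is being moved to) and name the zip after the version actually installed, so that the artifact bundled on every deploy is reproducible and the `hash` module behaviour the notes mention was built against a known yara release. Since this prebuilt `.so` bundle is committed and shipped automatically, it would also help to record its checksum (for example in this README) so a replaced zip can be verified before it is deployed.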
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
CarbonBlack Binary Downloader | ||
============================= | ||
This optional Lambda function copies a binary from CarbonBlack Enterprise Response into the BinaryAlert S3 bucket for analysis. | ||
It can invoked every time CarbonBlack logs a ``binarystore.file.added`` event over the server message bus. | ||
|
||
For more information, see the `documentation <https://binaryalert.io/uploading-files.html#carbonblack-downloader>`_. | ||
|
||
Cbapi Pip Dependency | ||
-------------------- | ||
The ``cbapi`` library works best when pre-built on the Lambda AMI. Follow the same instructions given | ||
in the `analyzer README <../analyzer/README.rst>`_ to upgrade ``cbapi_1.3.2.zip`` when needed. |
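Review bot: Typo in the second sentence of the intro: `It can invoked every time` should read `It can be invoked every time`. In the `Cbapi Pip Dependency` section, the cross-reference to the analyzer README for rebuilding `cbapi_1.3.2.zip` is only partly applicable: the analyzer steps shown above include yara-specific actions (renaming `yara.cpython-35m-x86_64-linux-gnu.so` and copying `libpython3.5m.so.1.0`) that do not apply to `cbapi`. State which steps carry over (in effect the `yum` prerequisites, the `pip.main(['install', 'cbapi', '--target', '.'])` step and the final `zip`), and pin the version there (`cbapi==1.3.2`) so the rebuilt zip actually matches the `1.3.2` in its name.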
This file was deleted.