Investigate additional scanners #14
Comments
mmguero added the labels enhancement (New feature or request), research (Research or proof-of-concept for an idea), upload (Relating to PCAP and/or Zeek log ingestion) and carving (Relating to carving (extraction) of files from traffic and the scanning of those files) on Jun 5, 2019.
Adding a signature based scanner would be awesome. Found this to be very helpful for giving more context to alarms.

capa looks interesting for exe analysis
mmguero added a commit that referenced this issue on Aug 31, 2020 (merged):

* Carved file scanning improvements
  * Multiple file scanners can now be enabled concurrently (previously only one at a time was allowed)
  * [Yara](https://github.com/VirusTotal/yara) [added](idaholab#148) as carved file scanner feeding signatures.log with [Florian Roth](https://github.com/Neo23x0)'s [Signature-Base](https://github.com/Neo23x0/signature-base) Yara ruleset enabled by default and the ability to provide other yara signatures under `yara/rules` under the Malcolm directory (see #148 and #14)
* Bumped versions
  * Moloch [v2.4.0](https://github.com/aol/moloch/blob/v2.4.0/CHANGELOG#L21-L42)
* Bug fixes
  * #150 docker-compose having issues with start and logs under macOS
  * Hedgehog was missing new environment variables for finer control of Zeek local policy behavior
  * miscellaneous tweaks to Docker and ISO images (mainly for file size)
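The commit above describes dropping additional Yara signatures under `yara/rules` so that carved files are matched against them alongside the default Signature-Base ruleset. The rule below is an added, constructed example of what such a custom signature looks like; it is not part of Malcolm or of Signature-Base, and the rule name, metadata values and file name (`yara/rules/example_custom.yar`) are assumptions. It flags a carved PE file that also contains strings commonly seen in script-based downloaders, which is the kind of context a match in signatures.log would give an analyst.

```yara
// Constructed example rule for Malcolm's yara/rules directory (not project code).
// Matches a Windows PE file (MZ header at offset 0) that embeds PowerShell
// download-and-run style strings; such a hit lands in signatures.log with
// the rule name and description for the analyst to triage.
rule Example_PE_With_PowerShell_Downloader_Strings
{
    meta:
        description = "Constructed example: PE file embedding PowerShell download strings"
        author      = "example (assumed)"
        reference   = "Malcolm issue #14 / #148 (custom yara/rules)"
        severity    = "medium"

    strings:
        // PE files begin with the two-byte "MZ" DOS header
        $mz = { 4D 5A }
        // Case-insensitive ASCII and UTF-16 (wide) variants, since Windows
        // binaries frequently store strings in either encoding
        $ps = "powershell" ascii wide nocase
        $dl = "DownloadString" ascii wide nocase
        $ie = "Invoke-Expression" ascii wide nocase

    condition:
        // Restrict to executables to keep the rule from firing on plain scripts,
        // and require the downloader pattern plus the PowerShell launcher
        $mz at 0 and filesize < 10MB and $ps and ($dl or $ie)
}
```

Keep custom rules scoped with a header check and a `filesize` bound as above; broad string-only conditions across every carved file are the usual source of noisy signatures.log entries.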
This was referenced Sep 2, 2020
Kamino closed and cloned this issue to idaholab/Malcolm
Investigate integrating other scanners into Malcolm:
If/when I decide to move on any of these, I'll log a separate issue.