Awesome
YaraMatcher karton service
Scans analyses and samples with yara rules and spawns tasks with appropiate tags.
Author: CERT.pl
Maintainers: nazywam
Consumes:
{
"type": "sample",
"stage": "recognized",
"kind": "runnable"
}, {
"type": "sample",
"stage": "recognized",
"kind": "dump"
}, {
"type": "analysis",
"kind": "cuckoo1"
}, {
"type": "analysis",
"kind": "drakrun"
}, {
"type": "analysis",
"kind": "joesandbox"
}
Produces:
{
"type": "sample",
"stage": "analyzed"
}
Usage
First of all, make sure you have setup the core system: https://github.com/CERT-Polska/karton
Then install karton-yaramatcher from PyPi:
$ pip install karton-yaramatcher
And run the karton service by pointing it to your YARA rules repository:
$ karton-yaramatcher --rules yara_rule_directory