Home

Awesome

Build Status Coverage Status

YaraGuardian

A django web interface for managing Yara rules. The manager enables users to:

* Search for specific rules based on rule characteristics
* Categorize and organize rules easily and in bulk
* Make bulk edits on desired/filtered rules
* Track characteristics of the entire rule repository
* Automatically prevent and detect duplicate entries

Rule Stats Summary

Get stats data on the entire rule repository

Stats Page

Rule Search Form

Search, manage, and export rules matching specific criteria

Search Page

Rule Search Results

View and perform in-place edits on search results

Search Results

Rule Edit Form

Modify or update a large set of rules based on various characteristics

Rule Editor

Installation and Configuration Instructions (Development environment)

  1. Base django application requirements can be installed via vagrantfile or install.sh

    • Be sure to review install.sh beforehand as it contains default configs for psql
  2. Settings are specified either via ENV variables or the config.json file

    • Any ENV variables specified will override values that are present in the config.json file
  3. Activate python environment

    • pipenv shell
  4. Use the Django manage.py to create initial tables and superuser

    • python manage.py migrate
    • python manage.py createsuperuser
  5. Collect static files

    • python manage.py collectstatic
  6. Run the server

    • python manage.py runserver 0.0.0.0:8000 -OR- gunicorn YaraGuardian.wsgi --bind=0.0.0.0:8000
    • make sure to set SERVE_STATIC=True if DEBUG=False and you are not using another method for static file serving like Nginx

Installation and Configuration Instructions (Docker Example)

  1. Build the image

    • docker build .
  2. Prepare static files

    • docker-compose run web yarn
    • docker-compose run web yarn webpack
    • docker-compose run web python3 /usr/local/YaraGuardian/manage.py collectstatic --noinput
  3. Perform DB Migrations and Create initial user

    • docker-compose run web python3 /usr/local/YaraGuardian/manage.py migrate
    • docker-compose run web python3 /usr/local/YaraGuardian/manage.py createsuperuser
  4. Run YaraGuardian

    • docker-compose up

Configurable settings

The following are the available configurable settings to be specified via environment variables or the config.json file:

Registration Options

Account registrations can be enabled by changing the "GUEST_REGISTRATION" config to either "INVITE" or "PUBLIC".

"INVITE" registration requires that a registration token be sent to the prospective guest. Tokens can be generated within the 'Admin Console'.

"PUBLIC" registration is completely open. Anyone who signs up can create an account.

Additional Commands / Utilities

Yara rule files can be ingested automatically using the following command line Utilities.

Rule Access

REST API Driven

Uses Django REST Framework so you can automate or build a new UI for rule management. Endpoint documentation can be found at /API on a running instance of YaraGuardian.

Contributing

For those who are interested in contributing to YaraGuardian, please take a moment to look over the contribution guidelines.