Macaroni: Integrate Yara sigs with VirusTotal Intelligence
Transcript of Macaroni: Integrate Yara sigs with VirusTotal Intelligence
What is Macaroni?
Macaroni Extension:
Browser extension
Matches files in VirusTotal to yara signatures
Macaroni Server:
Stores yara match notifications, mapping files to yara signatures
REST API to search, add, update, and delete yara match notifications
Macaroni Extension
Drag n Drop Installation
Cross Platform
Seamless Integration with VTMIS
Macaroni Server
Responsibilities:
answer queries from Macaroni Extension
store file hashes mapped to yara signatures
manage users
Diagram labels: FlaskUser Model, gunicorn, Elasticsearch, Nginx
Flask App
A modular structure so new modules can easily be plugged in
Highly configurable
Deployment
Vagrant
Ansible
Phansible (www.phansible.com)
To create a local dev environment:
vagrant up
To deploy to a remote server:
ansible-playbook playbook.yml
Q&A
Nick Summerlin [email protected]
nsummerlin
https://github.com/iSIGHTPartners/macaroni_extension.git
https://github.com/iSIGHTPartners/macaroni_server.git