0.10

Pre-release

@austinbyers released this 15 Aug 00:19

Change Summary

Resolves: #3, #7, #23, #24

  • Adds ~50 new YARA rules and reorganizes the rules folder structure
  • Adds new live_test feature to CLI
  • SNS alert format changed to be more friendly for StreamAlert/PagerDuty integration
  • Test coverage is improved, measured, and enforced
  • [Bug Fix] Batcher no longer errors when scanning an empty bucket

New Feature: Live Test

You can now quickly test the end-to-end functionality of a live BinaryAlert deployment with a single command: python3 manage.py live_test

This will upload a harmless test file which should trigger a YARA match alert. The live test will verify that the match was correctly identified and saved in DynamoDB.

New YARA Match Alert Format

When a file matches a YARA rule, the SNS output format has changed from

{
    'FileInfo': { ... },
    'MatchedRules': [
        {
            'RuleFile': 'rules.yara',
            'RuleName': 'my_rule_name',
            ...
        }
    ]
}

to

{
    'FileInfo': { ... },
    'NumMatchedRules': 2,
    'MatchedRules': {
        'Rule1': {
            'RuleFile': 'rules.yara',
            'RuleName': 'my_rule_name',
            ...
        },
        'Rule2': { ... }
    }
}

The new format is easy to integrate with StreamAlert and renders better in PagerDuty.
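A consumer (a StreamAlert rule, a PagerDuty webhook, or any other SNS subscriber) may receive both shapes while deployments are being upgraded. The following is an added example, not BinaryAlert's own code: it normalizes either format to a list of rules, checks that NumMatchedRules agrees with the payload, and rejects a mismatch. The FileInfo contents and the sample alerts are constructed; the release note only shows FileInfo as `{ ... }`.

```python
import json
from typing import Any, Dict, List


def matched_rules(alert: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return the matched rules as a list, whichever alert format was received.
    Pre-0.10: 'MatchedRules' is a list of rule dicts.
    0.10:     'MatchedRules' is a dict keyed 'Rule1', 'Rule2', ... and
              'NumMatchedRules' states how many entries it holds.
    """
    rules = alert.get('MatchedRules')
    if isinstance(rules, list):
        return rules
    if isinstance(rules, dict):
        # Sort by (length, text) so 'Rule10' lands after 'Rule2', not after 'Rule1'.
        ordered = [rules[k] for k in sorted(rules, key=lambda k: (len(k), k))]
        expected = alert.get('NumMatchedRules')
        if expected is not None and expected != len(ordered):
            # A consumer should not trust a count that disagrees with the payload.
            raise ValueError(
                f'NumMatchedRules={expected} but {len(ordered)} rules present')
        return ordered
    raise ValueError('MatchedRules is neither a list nor a dict')


def rule_names(alert: Dict[str, Any]) -> List[str]:
    """'RuleFile:RuleName' labels, e.g. for a PagerDuty incident summary."""
    return [f"{r['RuleFile']}:{r['RuleName']}" for r in matched_rules(alert)]


def parse_sns_message(message: str) -> List[str]:
    """SNS hands subscribers the alert as a JSON string in the 'Message' field."""
    return rule_names(json.loads(message))


# Constructed sample alerts, one per format. The FileInfo contents are
# placeholders; the release note only shows that key as '{ ... }'.
OLD_ALERT = {
    'FileInfo': {'S3Object': 'constructed-bucket/sample.bin'},
    'MatchedRules': [{'RuleFile': 'rules.yara', 'RuleName': 'my_rule_name'}],
}
NEW_ALERT = {
    'FileInfo': {'S3Object': 'constructed-bucket/sample.bin'},
    'NumMatchedRules': 2,
    'MatchedRules': {
        'Rule2': {'RuleFile': 'rules.yara', 'RuleName': 'second_rule'},
        'Rule1': {'RuleFile': 'rules.yara', 'RuleName': 'my_rule_name'},
    },
}
```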