# Assemblyline service manifest for the Intezer service (the container image is
# cccs/assemblyline-service-intezer, see docker_config below). Everything under
# `config:` is only a default; the deployment's service configuration overrides it.
name: Intezer
# Substituted at build/deploy time; do not hard-code a version here.
version: $SERVICE_TAG
description: This service fetches results from Intezer based on the submitted file's SHA256 hash.
# Regex defining the types of files the service accepts and rejects
accepts: android/.*|executable/windows/.*|executable/linux/.*|document/installer/windows
rejects: empty|metadata/.*
# At which stage the service should run (one of FILTER, EXTRACT, CORE, SECONDARY, POST, REVIEW)
# NOTE: Stages are executed in the order defined in the list
stage: CORE
# Which category the service is part of (one of Antivirus, Dynamic Analysis, External, Extraction, Filtering, Internet Connected, Networking, Static Analysis)
category: External
# Does the service require access to the file to perform its task
# If set to false, the service will only have access to the file metadata (e.g. Hashes, size, type, ...)
file_required: true
# Maximum execution time the service has before it's considered to be timed out
# NOTE(review): this equals analysis_timeout_in_seconds below, so there is no margin
# for the hash lookup, upload or report download before the service itself is timed
# out — confirm the intended relationship between the two values.
timeout: 60
# is the service enabled by default
# Left disabled on purpose: api_key below is a placeholder and the service talks to an
# external API, so an operator must supply a real key (and accept that samples may be
# shared with a third party) before enabling it.
enabled: false
# NOTE(review): privileged services presumably get direct datastore/filestore access
# rather than going through the service-server API; together with
# allow_internet_access below this is a broad footprint for an external-lookup
# service — confirm it is actually required.
privileged: true
config:
  # Don't forget the /api/ at the end of the URL!
  # The api_key is presented to whatever host this points at: keep it https and
  # verify any change before deploying. An on-premise instance would change this
  # together with is_on_premise.
  base_url: https://analyze.intezer.com/api/
  api_version: v2-0
  # Placeholder only. Set the real key in the deployment's service configuration;
  # never commit a live key to this file.
  api_key: sample_api_key
  # presumably restricts lookups to the account's private analyses — confirm against the service code
  private_only: false
  # false = the public Intezer cloud, i.e. anything submitted leaves the environment
  is_on_premise: false
  # presumably keeps polling for a result until the service timeout is hit — confirm
  retry_forever: true
  # Permits uploading a file to Intezer when no existing result is found.
  # NOTE(review): with is_on_premise false this sends customer samples to a third
  # party; weigh this for sensitive submissions.
  allow_dynamic_submit: true
  polling_period_in_seconds: 5
  analysis_timeout_in_seconds: 60
  try_to_download_every_file: false
  download_subfiles: true
  # presumably the minimum reused-gene count before heur_id 12 is raised — confirm
  min_malware_genes: 5
  # presumably controls whether the administration_tool sub-verdicts (heur_id 18/19) add score — confirm
  score_administration_tools: true
  # semantics not visible in this file — confirm against the service code
  use_black_box_verdicts: true
# Per-submission overrides a submitter can set through the UI/API.
submission_params:
  # Per-submission toggle for dynamic submission; the config-level
  # allow_dynamic_submit presumably still gates it — confirm.
  - default: true
    name: dynamic_submit
    type: bool
    value: true
  # Empty by default; presumably lets a submitter reference an existing Intezer
  # analysis instead of triggering a new one — confirm.
  - default: ""
    name: analysis_id
    type: str
    value: ""
# Heuristics the service can raise. `score` is the contribution to the Assemblyline
# score when the heuristic fires; `filetype: .*` means it applies to any file type.
heuristics:
  - heur_id: 1
    name: File is malicious
    score: 1000
    filetype: .*
    description: Intezer considers this file malicious
  - heur_id: 2
    name: File is suspicious
    score: 500
    filetype: .*
    description: Intezer considers this file suspicious
  - heur_id: 3
    name: Family Type of Interest
    score: 100
    filetype: .*
    description: Intezer identified a file (or sub-file) that is associated with a family type of interest
  # heur_id 4-11 are informational (score 0) and share one description; the names of
  # 5-11 look like MITRE ATT&CK tactic names, presumably one per signature category.
  - heur_id: 4
    name: Generic signature raised
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 5
    name: Command And Control
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 6
    name: Credential Access
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 7
    name: Defense Evasion
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 8
    name: Discovery
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 9
    name: Execution
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 10
    name: Persistence
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 11
    name: Collection
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 12
    name: Reused Malware Genes
    score: 0
    filetype: .*
    description: Intezer has detected reused malware genes
  # heur_id 13-19 map Intezer sub-verdicts onto scores; malicious/known malicious score
  # like heur_id 1, suspicious like heur_id 2, trusted adds nothing.
  - heur_id: 13
    name: Intezer found a subverdict malicious
    score: 1000
    filetype: .*
    description: Intezer has found this submission as malicious
  - heur_id: 14
    name: Intezer found a subverdict known malicious
    score: 1000
    filetype: .*
    description: Intezer has found this submission as known malicious
  - heur_id: 15
    name: Intezer found a subverdict suspicious
    score: 500
    filetype: .*
    description: Intezer has found this submission as suspicious
  - heur_id: 16
    name: Intezer found a subverdict unique
    score: 50
    filetype: .*
    description: Intezer has found this submission as unique
  - heur_id: 17
    name: Intezer found a subverdict trusted
    score: 0
    filetype: .*
    description: Intezer has found this submission as trusted
  - heur_id: 18
    name: Intezer found a subverdict administration_tool
    score: 100
    filetype: .*
    description: Intezer has found this submission as administration_tool
  - heur_id: 19
    name: Intezer found a subverdict known_administration_tool
    score: 100
    filetype: .*
    description: Intezer has found this submission as known_administration_tool
  # Catch-all used to attach the Intezer report to the result without changing the score.
  - heur_id: 20
    name: Intezer returned a result
    score: 0
    filetype: .*
    description: Results from Intezer analysis
docker_config:
  # Required so the container can reach base_url.
  allow_internet_access: true
  # ${REGISTRY} and $SERVICE_TAG are substituted at deploy time.
  image: ${REGISTRY}cccs/assemblyline-service-intezer:$SERVICE_TAG
  cpu_cores: 0.5
  ram_mb: 512