Skip to content
/ ClamAV-CortexAnalyzer Public

Analyzer for TheHive Cortex Soc platform. Allows you to run observables against default and custom ClamAV rules.

License

AGPL-3.0 license
5 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Hestat/ClamAV-CortexAnalyzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
clam.json
clam.json
 
 
long.html
long.html
 
 
pyclam_analyzer.py
pyclam_analyzer.py
 
 
requirements.txt
requirements.txt
 
 
short.html
short.html
 
 

Repository files navigation

ClamAV-Analyzer

Analyzer for integrating ClamAV scanning to TheHive and Cortex.

When investigating an incident you may not want to send a file off to Virustotal or some other public resource.

ClamAV will allow you to scan locally, and you can add custom rules to ClamAV via Sigtool and Yara to enhance its detection capability.

Package includes everthing you will need to setup in TheHive

pyclam_analyzer.py
clam.json

Templates:
long.html
short.html

Python package requirements:

cortexutils
os
pyclamd

However! Keep reading

You will need to have Clamd installed and running on the server that TheHive/Cortex is running on so that it can connect for the scans.

As well you will need to make som adjustments to the user and/or group running Clamd by default Clamd runs as the clamav user, you will need to allow root, or edit the config to allow additional groups to clamd as the observables that TheHive will send to the scanner will be owned by the cortex user.

About

Analyzer for TheHive Cortex Soc platform. Allows you to run observables against default and custom ClamAV rules.

Topics

dfir clamav thehive cortex yara-integrated

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

5 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages