macaroni: integrate yara sigs with virustotal intelligence


Upload: nms84

Post on 17-Jul-2015


Macaroni

Bringing the Penguin to your Browser!

Macaroni penguin (Eudyptes chrysolophus)

What is Macaroni?

Macaroni Extension
Browser extension that matches files in VirusTotal to yara signatures

Macaroni Server
Stores yara match notifications, mapping files to yara signatures
REST API to search, add, update, and delete yara match notifications

Macaroni Extension

Drag and drop installation
Cross platform
Seamless integration with VTMIS (VirusTotal Malware Intelligence Services)

Search Results

Default VTMIS search results (screenshot)

VTMIS search results with Macaroni (screenshot)

Tags

Tags from yara signature notifications (screenshot)

Tag Search

Search the Penguin for tags from within VTMIS!
Immediately find the samples you're looking for (screenshot)

Macaroni Server

Responsibilities:
answer queries from the Macaroni Extension
store file hashes mapped to yara signatures
manage users

Architecture (diagram): Nginx, gunicorn, Flask (with a User model), Elasticsearch

API Query

Request and response (screenshot)

Response content (screenshot)

Flask App

Modular structure so new modules can easily be plugged in
Highly configurable
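The server side the preceding slides describe (a store mapping file hashes to yara signatures, a REST API to search, add, update and delete yara match notifications, and the tags the extension shows beside a sample inside VTMIS), as an added worked example. This is not the Macaroni project's code: the slides say the real server is a Flask app behind gunicorn and Nginx with Elasticsearch as the store, whereas here a dict stands in for Elasticsearch and a small dispatcher stands in for Flask routing so the example runs on the standard library alone. The route paths, notification fields, rule names and the sample hash are assumptions.

```python
"""Model of the Macaroni Server's notification API (added example, not project code).

The slides describe a Flask app behind gunicorn and Nginx with Elasticsearch
as the store. Here a dict stands in for Elasticsearch and handle() stands in
for Flask's routing, so the example runs on the standard library only.
Route paths, field names, rule names and the sample hash are assumptions.
"""
import json
from urllib.parse import parse_qs, urlparse

HEX = set("0123456789abcdef")


def normalize_sha256(value):
    """Reject anything that is not a 64-character hex digest.

    Without this, a malformed key from the extension or a curl user would be
    stored or queried verbatim and silently never match a real sample.
    """
    digest = str(value).strip().lower()
    if len(digest) != 64 or set(digest) - HEX:
        raise ValueError("not a sha256 hex digest: %r" % value)
    return digest


class NotificationStore:
    """In-memory stand-in for the Elasticsearch index of yara match notifications."""

    def __init__(self):
        self._records = {}  # (sha256, rule name) -> notification dict

    def add(self, sha256, rule, tags=()):
        key = (normalize_sha256(sha256), rule)
        self._records[key] = {"sha256": key[0], "rule": rule, "tags": sorted(set(tags))}
        return self._records[key]

    def search(self, sha256=None, rule=None, tag=None):
        """Filter notifications by any combination of hash, rule and tag."""
        want_hash = normalize_sha256(sha256) if sha256 else None
        return [
            rec for rec in self._records.values()
            if (want_hash is None or rec["sha256"] == want_hash)
            and (rule is None or rec["rule"] == rule)
            and (tag is None or tag in rec["tags"])
        ]

    def update(self, sha256, rule, tags):
        key = (normalize_sha256(sha256), rule)
        if key not in self._records:
            raise KeyError("no notification for %s / %s" % key)
        self._records[key]["tags"] = sorted(set(tags))
        return self._records[key]

    def delete(self, sha256, rule):
        return self._records.pop((normalize_sha256(sha256), rule), None) is not None

    def tags_for(self, sha256):
        """Union of tags over every rule that matched a hash: what the
        extension renders next to that sample in VTMIS search results."""
        tags = set()
        for rec in self.search(sha256=sha256):
            tags.update(rec["tags"])
        return sorted(tags)


def handle(store, method, path, body=None):
    """Route one request to the store; returns (HTTP status, JSON payload).

    Assumed routes: GET /notifications?sha256=&rule=&tag=, POST /notifications,
    PUT /notifications/<sha256>/<rule>, DELETE /notifications/<sha256>/<rule>.
    """
    url = urlparse(path)
    parts = [p for p in url.path.split("/") if p]
    query = {k: v[0] for k, v in parse_qs(url.query).items()}
    data = json.loads(body) if body else {}
    try:
        if method == "GET" and parts == ["notifications"]:
            return 200, store.search(query.get("sha256"), query.get("rule"), query.get("tag"))
        if method == "POST" and parts == ["notifications"]:
            return 201, store.add(data["sha256"], data["rule"], data.get("tags", ()))
        if method == "PUT" and len(parts) == 3 and parts[0] == "notifications":
            return 200, store.update(parts[1], parts[2], data.get("tags", ()))
        if method == "DELETE" and len(parts) == 3 and parts[0] == "notifications":
            if store.delete(parts[1], parts[2]):
                return 204, None
            return 404, {"error": "not found"}
    except (ValueError, KeyError) as exc:
        return 400, {"error": str(exc)}
    return 404, {"error": "no route"}


SAMPLE_HASH = "0123456789abcdef" * 4  # constructed digest, not a real sample


def demo(store=None):
    """Load two constructed matches (hypothetical rule names) for one hash."""
    if store is None:
        store = NotificationStore()
    for rule, tags in (("apt_dropper_x", ["dropper", "apt"]), ("packer_upx_variant", ["packer"])):
        handle(store, "POST", "/notifications",
               json.dumps({"sha256": SAMPLE_HASH, "rule": rule, "tags": tags}))
    return store


if __name__ == "__main__":
    print(json.dumps(handle(demo(), "GET", "/notifications?tag=packer")[1], indent=2))
```

The one check worth carrying into a real deployment is normalize_sha256(): every hash that reaches the store or a query is validated first, so a malformed key from the extension or a hand-typed curl request gets a 400 instead of being indexed as a record that can never match a VirusTotal sample. tags_for() is the server-side half of the tag display on the search-results slides: the union of tags across every rule that fired on a hash.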

Redis Cache

User Management

Deployment

Vagrant, Ansible, Phansible (www.phansible.com)

To create a local dev environment:

vagrant up

To deploy to a remote server:

ansible-playbook playbook.yml

Live Demo

Q&A

Nick Summerlin [email protected]

[email protected]

nsummerlin

https://github.com/iSIGHTPartners/macaroni_extension.git

https://github.com/iSIGHTPartners/macaroni_server.git