0.10
Release date: 2017-08-15 08:19:46
Latest airbnb/binaryalert release: v1.2.0 (2018-09-06 04:29:46)
Change Summary
Resolves: #3, #7, #23, #24
- Adds ~50 new YARA rules and reorganizes the rules folder structure
- Adds new live_test feature to CLI
- SNS alert format changed to be more friendly for StreamAlert/PagerDuty integration
- Test coverage is improved, measured, and enforced
- [Bug Fix] Batcher no longer errors when scanning an empty bucket
New Feature: Live Test
You can now test the end-to-end functionality of a live BinaryAlert deployment with a single command: python3 manage.py live_test
This uploads a harmless test file to the deployment, which should trigger a YARA match alert. The live test then verifies that the match was correctly identified and saved in DynamoDB.
New YARA Match Alert Format
When a file matches a YARA rule, the SNS output format has changed from
{
'FileInfo': { ... },
'MatchedRules': [
{
'RuleFile': 'rules.yara',
'RuleName': 'my_rule_name',
...
}
]
}
to
{
'FileInfo': { ... },
'NumMatchedRules': 2,
'MatchedRules': {
'Rule1': {
'RuleFile': 'rules.yara',
'RuleName': 'my_rule_name',
...
},
'Rule2': { ... }
}
}
The new format is easier to integrate with StreamAlert and renders better in PagerDuty. Note that MatchedRules changed from a list to a dict keyed 'Rule1', 'Rule2', ..., and a NumMatchedRules count was added; any downstream consumer that iterates over MatchedRules as a list must be updated.
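The following is an added example, not code from BinaryAlert itself, showing how a downstream consumer can accept both the pre-0.10 list format and the 0.10 dict format shown above and normalize them into one shape. Only the top-level keys (FileInfo, NumMatchedRules, MatchedRules, Rule1/Rule2, RuleFile, RuleName) come from the formats above; the contents of FileInfo (S3Bucket, S3Object) and the two sample messages are constructed for illustration and are not real BinaryAlert output. It also handles two edge cases a naive consumer gets wrong: 'Rule10' sorting before 'Rule2' lexically, and a NumMatchedRules count that disagrees with the rules actually present.

```python
import json
import re

# Constructed sample SNS messages (not real BinaryAlert output). The FileInfo
# fields are assumed; only the surrounding structure matches the release notes.
OLD_FORMAT_MESSAGE = json.dumps({
    "FileInfo": {"S3Bucket": "example-bucket", "S3Object": "sample.exe"},
    "MatchedRules": [
        {"RuleFile": "rules.yara", "RuleName": "my_rule_name"},
        {"RuleFile": "rules.yara", "RuleName": "another_rule"},
    ],
})

NEW_FORMAT_MESSAGE = json.dumps({
    "FileInfo": {"S3Bucket": "example-bucket", "S3Object": "sample.exe"},
    "NumMatchedRules": 2,
    "MatchedRules": {
        "Rule1": {"RuleFile": "rules.yara", "RuleName": "my_rule_name"},
        "Rule2": {"RuleFile": "rules.yara", "RuleName": "another_rule"},
    },
})


def _rule_index(key):
    """Sort key so that 'Rule1', 'Rule2', ..., 'Rule10' come out in numeric order.

    Keys that do not look like 'Rule<N>' are sorted after the numbered ones, by name.
    """
    match = re.fullmatch(r"Rule(\d+)", key)
    return (0, int(match.group(1))) if match else (1, key)


def parse_alert(message):
    """Parse a BinaryAlert match alert in either the pre-0.10 or the 0.10 format.

    Accepts a JSON string or an already-decoded dict and returns
    {'FileInfo': {...}, 'NumMatchedRules': int, 'MatchedRules': [rule, ...]}
    with MatchedRules always a list in Rule1, Rule2, ... order, so the caller
    does not need to know which BinaryAlert version produced the alert.
    Raises ValueError for anything that is not one of the two formats.
    """
    alert = json.loads(message) if isinstance(message, str) else message
    if not isinstance(alert, dict) or "MatchedRules" not in alert:
        raise ValueError("not a BinaryAlert match alert: missing MatchedRules")

    matched = alert["MatchedRules"]
    if isinstance(matched, list):
        # Pre-0.10: MatchedRules is already an ordered list of rule dicts.
        rules = list(matched)
    elif isinstance(matched, dict):
        # 0.10+: MatchedRules is a dict keyed 'Rule1', 'Rule2', ...
        rules = [matched[key] for key in sorted(matched, key=_rule_index)]
    else:
        raise ValueError("MatchedRules must be a list (pre-0.10) or a dict (0.10+)")

    # 0.10+ advertises a count; refuse alerts where it disagrees with the payload
    # rather than silently reporting a different number than the rules present.
    declared = alert.get("NumMatchedRules")
    if declared is not None and declared != len(rules):
        raise ValueError(
            "NumMatchedRules=%r does not match %d rules present" % (declared, len(rules))
        )

    return {
        "FileInfo": alert.get("FileInfo", {}),
        "NumMatchedRules": len(rules),
        "MatchedRules": rules,
    }


def rule_names(message):
    """'RuleFile:RuleName' strings for each match, e.g. for a one-line alert summary."""
    return [
        "%s:%s" % (rule.get("RuleFile", "?"), rule.get("RuleName", "?"))
        for rule in parse_alert(message)["MatchedRules"]
    ]


if __name__ == "__main__":
    for sample in (OLD_FORMAT_MESSAGE, NEW_FORMAT_MESSAGE):
        print(rule_names(sample))
```

Both sample messages normalize to the same result, so a consumer written against parse_alert keeps working across the format change; the count check matters because the summary shown to an on-call responder should never claim fewer or more matches than the alert actually carries.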