Analyzers
To-om edited this page Jan 27, 2017
Analyzers are included in the Cortex binary package, but they live in a dedicated GitHub repository, Cortex-Analyzers. Currently each analyzer is an autonomous application hosted on the Cortex server: Cortex starts it as a separate process, passes it the job, and collects its report. This will change in the future (see our road map).
The provided analyzers are written in Python. They do not require a build phase, but their dependencies must be installed:

```
apt-get install python-pip python2.7-dev ssdeep libfuzzy-dev libfuzzy2 libimage-exiftool-perl
sudo pip install cortexutils datetime simplejson python-magic pefile2 hashlib pydeep pyexifinfo oletools olefile pyeupi
```

Note that `hashlib` and `datetime` are already part of the Python 2.7 standard library; the PyPI packages of the same name are not those modules, so installing them is harmless but not what the analyzers actually import.
If you want up-to-date analyzers, clone the GitHub repository:

```
git clone https://github.com/CERT-BDF/Cortex-Analyzers
```

Don't forget to configure the analyzers directory in the Cortex configuration, otherwise Cortex will keep using the analyzers shipped in the binary package:

```
analyzer {
  path = "path/to/analyzers"
}
```
Dependencies in detail:

```
apt-get install python-pip python2.7-dev
sudo pip install cortexutils
```

Analyzers use the base library cortexutils, which handles the common tasks (reading configuration parameters, parsing the input, formatting the output, ...).

```
sudo pip install datetime simplejson
```

Other analyzers have no dependencies.

pehashng is included in the analyzers, so this step should not be needed:

```
git clone https://github.com/AnyMaster/pehashng
cd pehashng
sudo python setup.py install
```

Other dependencies:

```
sudo apt-get install ssdeep libfuzzy-dev libfuzzy2 libimage-exiftool-perl
sudo pip install python-magic pefile2 hashlib pydeep pyexifinfo oletools olefile
sudo pip install pyeupi
```
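To make the "autonomous application" contract and the role of cortexutils concrete, here is a small stand-alone file-hashing analyzer added as an example. It is not code from the Cortex-Analyzers repository and does not use cortexutils: it re-implements the few helpers it needs (a dotted `get_param`, an error report, and the `check_tlp`/`max_tlp` gate that cortexutils applies before an analyzer runs) so that it works without cortexutils installed. The job field names (`dataType`, `data`, `file`, `filename`, `tlp`, `config`) and the report shape (`success`, `summary`, `full`, `artifacts` with `type`/`value`) are assumed here from the Cortex 1 analyzer format; check them against the cortexutils version you install before reusing this.

```python
"""
Minimal stand-alone Cortex 1.x style analyzer (hypothetical example, not
project code). Cortex starts an analyzer as a separate process, writes the
job as JSON on stdin and reads the report as JSON from stdout.
"""
import hashlib
import json
import os
import sys
import tempfile

# TLP levels as Cortex numbers them: 0 white, 1 green, 2 amber, 3 red (assumed).
TLP_MAX_DEFAULT = 2


def get_param(job, dotted_name, default=None):
    """Look up 'a.b.c' in nested dicts, in the spirit of cortexutils' get_param."""
    node = job
    for key in dotted_name.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def error(message):
    """Failure report in the assumed Cortex 1 format."""
    return {"success": False, "errorMessage": message}


def hash_file(path):
    """Hash the file in chunks so large samples never have to fit in memory."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            size += len(chunk)
            for d in digests.values():
                d.update(chunk)
    result = dict((name, d.hexdigest()) for name, d in digests.items())
    result["size"] = size
    return result


def analyze(job):
    """Run the analyzer on one job dict and return the report dict."""
    # TLP gate, mirroring the check_tlp / max_tlp convention of cortexutils:
    # refuse observables more sensitive than the analyzer is configured for.
    # This matters for analyzers that forward data to third-party services.
    tlp = get_param(job, "tlp", 2)
    if get_param(job, "config.check_tlp", False) and tlp > get_param(job, "config.max_tlp", TLP_MAX_DEFAULT):
        return error("TLP is higher than allowed")

    if get_param(job, "dataType") != "file":
        return error("Data type not supported: only 'file' is handled")

    path = get_param(job, "file")
    if not path or not os.path.isfile(path):
        return error("Input file is missing")

    full = hash_file(path)
    full["filename"] = get_param(job, "filename", os.path.basename(path))
    return {
        "success": True,
        # "summary" is the short result shown next to the observable,
        # "full" the detailed report, "artifacts" values that can be pivoted on.
        "summary": {"sha256": full["sha256"]},
        "full": full,
        "artifacts": [{"type": "hash", "value": full[h]} for h in ("md5", "sha1", "sha256")],
    }


def demo_job():
    """Constructed sample: writes a tiny file and returns the job Cortex would send."""
    path = os.path.join(tempfile.gettempdir(), "cortex_demo_sample.bin")
    with open(path, "wb") as fh:
        fh.write(b"hello")
    return {"dataType": "file", "file": path, "filename": "sample.bin",
            "tlp": 2, "config": {"check_tlp": True, "max_tlp": 2}}


def main():
    # Cortex writes the job on stdin and expects the JSON report on stdout.
    if "--demo" in sys.argv:
        report = analyze(demo_job())
    else:
        try:
            job = json.load(sys.stdin)
        except ValueError as exc:
            report = error("Invalid job input: %s" % exc)
        else:
            report = analyze(job)
    json.dump(report, sys.stdout)
    sys.stdout.write("\n")


if __name__ == "__main__":
    main()
```

Run it as `python analyzer.py --demo` to see a report for the constructed sample, or pipe a job JSON into it the way Cortex does (`echo '{"dataType":"domain","data":"example.com"}' | python analyzer.py` returns the "not supported" error). Keeping the TLP check and the data-type check before any real work is the same ordering cortexutils enforces, so an analyzer never touches an observable it is not allowed to handle.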