Python 3.6.8
The following Git repository must be set up and available.
- TheOracle (YARA rules git repository)
The following components must be set up on Cortex/TheHive:
- yara-designer-responder (Cortex responder)
The following components must be running and available over the network:
- yara-designer-web (Web GUI, frontend)
- Set up an environment using Pipenv (recommended) or Virtualenv:
  - Pipenv:
    ```
    # Install environment.
    $ pipenv install
    # Install and update dependencies.
    $ pipenv update
    ```
  - Virtualenv:
    ```
    # Install environment.
    $ python3 -m venv env
    # Enable environment.
    $ source env/bin/activate
    # Install dependencies.
    $ pip install -r requirements.txt
    ```
- Create a `config.json` and configure it (use `config.json.sample` as reference).
  - NB: You don't need to specify every option, just the ones you want to override.
- Make sure Cortex is set up with `yara-designer-responder` and is available over the network.
- Start the YARA-Designer core/backend by running `main.py`:
  - Pipenv: `pipenv run python3 main.py`.
  - Virtualenv: `source env/bin/activate` and then `python3 main.py`.
- Use the Cortex responder on a case in TheHive, which will populate core's database.
NB/FIXME: Models are not entirely up to date!
For documentation on the API, start the server and visit http://<host>:<port>/api/v1/