Arcuri Davide

Results 36 comments of Arcuri Davide

I've created a little executable output parser here https://gist.github.com/dadokkio/32f0791f3572122ef3d7924ab315babb if you want to use it as an example. The output is something like:

```
{'ATT&CK Tactic_ATT&CK Technique': [{'ATT&CK Tactic': 'DEFENSE EVASION',...
```

Yes, it should be available in the Docker image of the analyzer (maybe the path could be a setting). If you search for subprocess you should find other tools that...

Probably @To-om has better answers. I think the options are: include the binary with your Python code, or add a Dockerfile that downloads the executables.

I made some tests with random mails I had on my machine. 2 of them failed for reasons related to embedded attachments:

```
Traceback (most recent call last):
  File "/opt/cortex/analyzers/MsgParser/parse.py",...
```

Hi, have you tried to follow what is suggested by the error? `You need lief >= 0.11.0. The quick and dirty fix is: pip3 install --force pymisp[fileobjects]`

Ok, the error in pymisp happens when it tries to split the urllib3 release string. A fix for this was released in pymisp [4 days ago](https://github.com/MISP/PyMISP/commit/59bb0a7bb64804fcf498d31f237c0536f8603410#diff-24ea984f4dba50159301da0922e0c7b1040f43b4eb51c7cd234c284ec651b6fd). Can you try updating it?
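The failure mode behind that comment, as an added example that is not PyMISP's own code: a version check that splits a dependency's `__version__` on dots and casts every piece to `int` breaks as soon as the dependency ships a pre-release or post-release tag. `fragile_version_tuple` is my reconstruction of that pattern, not the exact PyMISP line, and the `(1, 26, 0)` minimum is an assumed value used only for illustration. `tolerant_version_tuple` keeps only the leading numeric release segment, which is what a minimum-version gate actually needs.

```python
import re

def fragile_version_tuple(version: str) -> tuple:
    # Illustrative reconstruction of the breaking pattern (not PyMISP's code):
    # every dotted component is assumed to be an integer, so a pre-release
    # string such as "2.0.0a1" raises ValueError on int("0a1").
    return tuple(int(part) for part in version.split("."))

# Leading release segment only: major, optional minor, optional patch.
# Anything after it (a1, b2, rc1, .post1, .dev0, +local) is ignored.
_RELEASE_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?")

def tolerant_version_tuple(version: str) -> tuple:
    m = _RELEASE_RE.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version string: {version!r}")
    # Pad to three components so comparisons against (x, y, z) are well-defined.
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def meets_minimum(version: str, minimum: tuple = (1, 26, 0)) -> bool:
    # Assumed minimum; the real required floor depends on the project.
    return tolerant_version_tuple(version) >= minimum

if __name__ == "__main__":
    # Constructed inputs covering a normal release, a pre-release and a
    # local build tag.
    for v in ("1.26.16", "2.0.0a1", "2.1+local"):
        print(v, tolerant_version_tuple(v), meets_minimum(v))
```

In a real project the same gate is better expressed with `packaging.version.Version`, which implements PEP 440 ordering including pre- and post-release segments; the hand-written regex above is enough when `packaging` is not a dependency you want to pull in.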

Hi @hariomenkel, any update?

I made a new branch update_docs and I'll push the new analyzer docs there. I'll start from the top, excluding the ones I don't have a key for.

```
django_1 | 172.21.0.1:40816 - - [16/Jan/2024:15:44:08] "GET /symbols?index=dd17ccfa-b485-11ee-890e-0242ac150005" 200 4291
django_1 | - Downloading https://deb.sipwise.com/debian/pool/main/l/linux/linux-image-4.19.0-5-amd64-dbg_4.19.37-5_amd64.deb
django_1 | - Extracting ./usr/lib/debug/lib/modules/4.19.0-5-amd64/vmlinux
django_1 | - Writing to /tmp/vmlinuxwg0426e3
django_1 | Processing...
```

Small fixes to work on Linux:

```
import json
import binascii
from pefile import PE
from volatility3.framework.contexts import Context
from volatility3.framework.symbols.windows.pdbconv import PdbReader, PdbRetreiver

pe = PE("/home/dadokkio/Downloads/ntoskrnl.exe")
debug = pe.DIRECTORY_ENTRY_DEBUG[0].entry
guid...
```
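The step the snippet above is truncated at, as an added example that is neither dadokkio's code nor volatility3's: the PE debug directory points at a CodeView `RSDS` (PDB 7.0) record, and the identifier the Microsoft symbol server expects is the record's GUID printed the way Windows prints it (little-endian Data1/Data2/Data3, Data4 as raw bytes, all upper-case hex) followed by the Age in unpadded hex. The parser below works on the raw record bytes with the standard library only; `SAMPLE_RSDS` is a constructed blob with a made-up GUID, not taken from any real ntoskrnl build.

```python
import struct
from dataclasses import dataclass

# Constructed CodeView RSDS record: "RSDS" signature, 16-byte GUID
# (made-up value), Age = 2, NUL-terminated PDB path.
SAMPLE_RSDS = (
    b"RSDS"
    + struct.pack("<IHH", 0x3844DBB9, 0x2027, 0x4B4D)   # GUID Data1..Data3
    + bytes.fromhex("A2DC9F1C5F5B6C7D")                 # GUID Data4
    + struct.pack("<I", 2)                               # Age
    + b"ntkrnlmp.pdb\0"
)

@dataclass
class CodeViewPdb70:
    guid: str       # 32 upper-case hex chars in Windows display order
    age: int
    pdb_path: str   # path as stored in the PE (may be a Windows path)

    @property
    def symbol_id(self) -> str:
        # Symbol server key: GUID immediately followed by Age in hex, no padding.
        return f"{self.guid}{self.age:X}"

    def symbol_url(self, base: str = "https://msdl.microsoft.com/download/symbols") -> str:
        # Only the file name is used in the URL; strip any directory prefix.
        name = self.pdb_path.replace("\\", "/").rsplit("/", 1)[-1]
        return f"{base}/{name}/{self.symbol_id}/{name}"

def parse_cv_pdb70(blob: bytes) -> CodeViewPdb70:
    # Layout: 4s signature | I Data1 | H Data2 | H Data3 | 8s Data4 | I Age | path\0
    if len(blob) < 24 or blob[:4] != b"RSDS":
        raise ValueError("not a CodeView RSDS (PDB 7.0) record")
    data1, data2, data3 = struct.unpack_from("<IHH", blob, 4)
    data4 = blob[12:20]
    (age,) = struct.unpack_from("<I", blob, 20)
    path = blob[24:].split(b"\0", 1)[0].decode("utf-8", "replace")
    guid = f"{data1:08X}{data2:04X}{data3:04X}{data4.hex().upper()}"
    return CodeViewPdb70(guid=guid, age=age, pdb_path=path)

if __name__ == "__main__":
    rec = parse_cv_pdb70(SAMPLE_RSDS)
    print(rec.symbol_id)
    print(rec.symbol_url())
```

With pefile, the raw bytes to feed `parse_cv_pdb70` come from the debug directory entry's header rather than its parsed `.entry`: `d = pe.DIRECTORY_ENTRY_DEBUG[0].struct` and then `pe.get_data(d.AddressOfRawData, d.SizeOfData)`. Check the entry's `Type` is `IMAGE_DEBUG_TYPE_CODEVIEW` (2) first; binaries can carry several debug entries and only the CodeView one holds the RSDS record.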