drakvuf-sandbox

External Karton integration

Open psrok1 opened this issue 7 months ago • 0 comments

Previously, Karton was strictly integrated with Drakvuf Sandbox, as it used this project for queuing analyses and sending results both to the final S3 storage and other consumers. That model was pretty difficult to maintain, as Karton is meant to work in a microservice model and it's much easier to maintain such an environment when a microservice is easily replaceable.

Such a Karton service should consume analysis requests and use the Drakvuf Sandbox API to schedule an analysis and poll for the results. If the analysis was successful, the Karton service should send a task indicating the end of the analysis, including some artifacts (e.g. memory dumps) in a way compatible with https://github.com/CERT-Polska/karton-config-extractor.

Karton should also handle the multinode model by indicating on which node the analysis was performed. A proper Drakvuf Sandbox analysis reference can be sent in payload.attribute in a way compatible with https://github.com/CERT-Polska/karton-mwdb-reporter.

psrok1, Apr 23 '25 16:04