fsf
fsf copied to clipboard
EmersonElectricCo
File Scanning Framework
Since FSF offers such a useful post processing framework for managing alerts based on file metadata it would be supremely handy for there to be an additional key in the...
the native FSF scan output is great, but sadly many databases and log handlers don't appreciate recursive JSON the way an analyst might. We could accommodate this while still preserving...
Rather than alerting only when a yara sig or jq sig has the alert condition set, it would be very helpful to also allow for thresholded alerting wherein one could...
A method is needed for archiving files that come through FSF in more granular way then the broad approach of archiving everything, archiving when there is an alert or don't...
while working on #40 I noticed that ft_macho was firing on a java class file: ```` fsfclient datar/fsf_dump_1485954008_9700feb2e081ce6a0eb9d8d6c10604e7/ { "Scan Time": "2017-02-02 12:27:12.296612", "Filename": "", "Source": "Analyst", "Object": { "META_BASIC_INFO":...
We modified the script to output yellow warnings and red errors so that we can better see when something went wrong. However we did this via bash color escape sequences...
