Austin Byers

Results: 10 issues by Austin Byers

Background: Related to #102, it's always felt awkward to have the same SQS queue for both regular operation and for retroactive analysis: - New binaries added to the...

All YARA matches are saved to DynamoDB, but alerts are only sent to SNS if the YARA rule name has not matched before on the given binary. There are two...

analyzer
YARA

Background: During a batch analysis, all YARA match results are saved to Dynamo. However, SNS alerts are not sent for these matches if they were already matched in a...

cli

Source more YARA rules from other open-source projects, including [YaraRules](https://github.com/Yara-Rules/rules).

YARA

[CloudWatch metric filters](http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/MonitoringPolicyExamples.html) allow you to create metrics based on pattern-matching log data. This would allow us to add at least two more useful metrics: - We can measure the...

terraform

Add support for S3 [client-side encryption](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html), allowing users to encrypt file uploads with their own KMS key(s).

enhancement

StreamAlert stores and processes potentially sensitive security logs. As such, all data should be encrypted at rest. In particular, Dynamo, S3, and SQS support server-side encryption, and it's relatively easy...

terraform

Yextend is designed to be compiled from source and invokes a couple of subprocesses (`pdfdetach`, `pdftotext`, `yara`). This makes it challenging to build and run in an isolated environment (e.g....

It would be great to be able to scan sensitive files entirely in-memory so that they never have to be saved to disk. This would likely be a feature added...

YARA rules can include [external variables](https://yara.readthedocs.io/en/v3.7.0/writingrules.html#external-variables), which `yara` allows you to define with a `-d` flag. It would be great if `yextend` could support external variables (perhaps with the same...