
Docker Analytics for VirusTotal API

Open subbyte opened this issue 4 years ago • 3 comments

Wanna create a Kestrel analytics that other hunters will clone and reuse? Try to do one for VirusTotal.

Useful information:

  • How to install Kestrel: https://kestrel.readthedocs.io/en/stable/installation/
  • Basic concepts of the language (especially the APPLY command): https://kestrel.readthedocs.io/en/latest/language.html
  • Checking the example uses of analytics in a hunt:
    • Kestrel tutorial (in a Kestrel sandbox): https://mybinder.org/v2/gh/opencybersecurityalliance/kestrel-huntbook/HEAD?filepath=tutorial
    • open 5. Apply a Kestrel Analytics.ipynb in the Kestrel sandbox
  • Excellent blog on how to write your own analytics: https://opencybersecurityalliance.org/posts/kestrel-custom-analytics/
  • A similar existing analytics using SANS API: https://github.com/opencybersecurityalliance/kestrel-analytics/tree/release/analytics/sansipenrich
  • Example VirusTotal API to use: https://github.com/subbyte/virustotal

This will resolve https://github.com/opencybersecurityalliance/kestrel-lang/issues/124

@charliewutw is happy to be the mentor for contributors if needed.

subbyte avatar Oct 03 '21 21:10 subbyte
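A skeleton for the analytics this issue asks for, added here as an example and not code from the issue, its author or the kestrel-analytics project: it follows the Docker analytics pattern of the linked sansipenrich analytics (read the hunt variable from an input Parquet file, add columns, write the table back) and calls the VirusTotal v3 files endpoint directly instead of the linked subbyte/virustotal wrapper. The /data paths, the hashes.* column names, the VT_API_KEY variable and the x_vt_* output columns are assumptions; a hash VirusTotal has never seen is reported as "unknown" rather than "clean".

```python
import json
import os
import urllib.request
from urllib.error import HTTPError

# Assumed Kestrel Docker analytics contract: the input variable arrives as Parquet,
# the enriched table is written back to the output path (column names are assumptions).
INPUT_PATH = "/data/input/0.parquet"
OUTPUT_PATH = "/data/output/0.parquet"
HASH_COLUMNS = ("hashes.SHA-256", "hashes.SHA-1", "hashes.MD5")

def vt_lookup(digest, api_key):
    """Query the VirusTotal v3 files endpoint; return last_analysis_stats, or None if unknown."""
    req = urllib.request.Request(
        f"https://www.virustotal.com/api/v3/files/{digest}", headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            attrs = json.load(resp)["data"]["attributes"]
    except HTTPError as err:
        if err.code == 404:  # never submitted to VT: report "unknown", not "clean"
            return None
        raise
    return attrs.get("last_analysis_stats", {})

def enrich_records(records, lookup, hash_columns=HASH_COLUMNS):
    """Add x_vt_malicious / x_vt_verdict to each record; lookup(digest) -> stats dict or None."""
    cache = {}
    for rec in records:
        # pandas fills missing cells with NaN, so only accept real (non-empty) strings
        digest = next((rec[c] for c in hash_columns if isinstance(rec.get(c), str) and rec[c]), None)
        if digest is None:
            rec["x_vt_malicious"], rec["x_vt_verdict"] = None, "no_hash"
            continue
        digest = digest.lower()
        if digest not in cache:  # one API call per distinct hash, not per row
            cache[digest] = lookup(digest)
        stats = cache[digest]
        if stats is None:
            rec["x_vt_malicious"], rec["x_vt_verdict"] = None, "unknown"
        else:
            hits = stats.get("malicious", 0) + stats.get("suspicious", 0)
            rec["x_vt_malicious"] = hits
            rec["x_vt_verdict"] = "malicious" if hits > 0 else "clean"
    return records

def main():
    import pandas as pd  # only needed inside the analytics container
    df = pd.read_parquet(INPUT_PATH)
    api_key = os.environ["VT_API_KEY"]  # assumed parameter name passed by Kestrel
    records = enrich_records(df.to_dict("records"), lambda h: vt_lookup(h, api_key))
    pd.DataFrame(records).to_parquet(OUTPUT_PATH, index=False)
```

In a hunt the result can then be filtered with the added columns, e.g. keeping only rows whose x_vt_verdict is "malicious".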

I know nothing about this but would like to learn

AcousticCh avatar Oct 03 '21 22:10 AcousticCh

@AcousticCh Great! I updated the issue to give you more information and starter links. @charliewutw will guide you if needed.

subbyte avatar Oct 04 '21 14:10 subbyte

@AcousticCh Please let me know if there are any questions.

charliewutw1 avatar Oct 05 '21 11:10 charliewutw1