YARA Hunting with S3 distributed backend #559

Open
1 of 4 tasks
sustefil opened this issue Mar 9, 2022 · 6 comments
Labels
type:question Further information is requested zone:integrations Tasks related with plugins and integrations

Comments

sustefil commented Mar 9, 2022

Feature Category

  • Correctness
  • User Interface / User Experience
  • Performance
  • Other (please explain)

Describe the problem

Hi there, I am quite new to the MWDB project. I was wondering if there is a possibility of doing a YARA (retro)hunt with the distributed S3 storage.
I have come across a tweet where you have that feature for mwdb.cert.pl:

https://twitter.com/CERT_Polska_en/status/1270763534067150848

A few questions:

  1. Do you consider releasing this feature to the public?
  2. Does this work with the S3 distributed storage backend?
  3. If not, do you have any other suggestion/idea how to perform YARA hunts when using the S3 distributed storage?

Thank you in advance!

@ITAYC0HEN (Contributor)

[not a CERTPL member] Hey! :) MQuery can work on top of S3 so you can easily set up MQuery and retro hunt on your MWDB S3-hosted files.
We do this @ Check Point and it works great
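As an added example (not code from this issue, from mwdb-core or from mquery), here is the shape of a minimal retro-hunt that walks an MWDB-style S3 bucket directly, which is the fallback the third question asks about if mquery is not an option. It assumes MWDB's key layout (each sample stored under its SHA256, either flat or in the hash_pathing form `ab/cd/ef/<sha256>`), a boto3-shaped client (faked in memory here so the script runs offline), and a small `Rule` class standing in for compiled YARA rules; with yara-python you would replace `Rule.match` with `rules.match(data=...)`. The bucket name, rule names and file contents are constructed for the demo.

```python
"""Retro-hunt over an MWDB-style S3 bucket (added example, not mwdb/mquery code).

Assumptions: samples are keyed by SHA256 (flat or 'ab/cd/ef/<sha256>'); the
client has boto3's list_objects_v2 / get_object shape (faked below); Rule is a
stand-in for a compiled YARA rule.
"""
import hashlib
import io
import re
from dataclasses import dataclass, field


class FakeS3:
    """Constructed in-memory stand-in for boto3's S3 client (no network)."""

    def __init__(self, objects, page_size=2):
        self._objects = objects        # key -> bytes
        self.page_size = page_size     # tiny page so pagination is exercised

    def list_objects_v2(self, Bucket, Prefix="", ContinuationToken=None):
        keys = sorted(k for k in self._objects if k.startswith(Prefix))
        start = int(ContinuationToken or 0)
        page = keys[start:start + self.page_size]
        resp = {"Contents": [{"Key": k} for k in page],
                "IsTruncated": start + self.page_size < len(keys)}
        if resp["IsTruncated"]:
            resp["NextContinuationToken"] = str(start + self.page_size)
        return resp

    def get_object(self, Bucket, Key):
        return {"Body": io.BytesIO(self._objects[Key])}  # like a StreamingBody


@dataclass
class Rule:
    """Minimal YARA-like rule: named byte strings plus an any/all condition."""
    name: str
    strings: dict            # identifier -> bytes, e.g. {"$cmd": b"cmd.exe /c"}
    condition: str = "any"   # "any" or "all" of them

    def match(self, data):
        hits = [ident for ident, s in self.strings.items() if s in data]
        ok = bool(hits) if self.condition == "any" else len(hits) == len(self.strings)
        return hits if ok else []


@dataclass
class Match:
    sha256: str
    rule: str
    strings: list


@dataclass
class HuntReport:
    scanned: int = 0
    matches: list = field(default_factory=list)
    integrity_mismatches: list = field(default_factory=list)  # content hash != key
    skipped: list = field(default_factory=list)               # keys that are not samples


def iter_keys(s3, bucket, prefix=""):
    """Yield every key, following continuation tokens; without this loop the
    hunt silently stops after the first page (1000 objects on real S3)."""
    token = None
    while True:
        kwargs = {"Bucket": bucket, "Prefix": prefix}
        if token:
            kwargs["ContinuationToken"] = token
        resp = s3.list_objects_v2(**kwargs)
        for obj in resp.get("Contents", []):
            yield obj["Key"]
        if not resp.get("IsTruncated"):
            return
        token = resp["NextContinuationToken"]


def sha256_from_key(key):
    """Map an object key back to the MWDB sample hash, or None if it is not one."""
    name = key.rsplit("/", 1)[-1].lower()
    return name if re.fullmatch(r"[0-9a-f]{64}", name) else None


def hunt(s3, bucket, rules, prefix=""):
    report = HuntReport()
    for key in iter_keys(s3, bucket, prefix):
        expected = sha256_from_key(key)
        if expected is None:
            report.skipped.append(key)
            continue
        data = s3.get_object(Bucket=bucket, Key=key)["Body"].read()
        report.scanned += 1
        # The key is the sample's identity in MWDB, so a hash mismatch means the
        # object was overwritten or corrupted: flag it instead of attributing a
        # match to the wrong sample.
        if hashlib.sha256(data).hexdigest() != expected:
            report.integrity_mismatches.append(key)
            continue
        for rule in rules:
            hits = rule.match(data)
            if hits:
                report.matches.append(Match(expected, rule.name, hits))
    return report


DEMO_RULES = [  # constructed rules for the demo
    Rule("cmd_dropper", {"$cmd": b"cmd.exe /c", "$ps": b"powershell -enc"}, "all"),
    Rule("generic_pe", {"$mz": b"MZ"}, "any"),
]


def build_demo_bucket():
    """Constructed bucket: one hit, one benign PE, one tampered object, one non-sample."""
    evil = b"MZ\x90\x00 payload: cmd.exe /c powershell -enc AAAA"
    benign = b"MZ\x90\x00 hello world, nothing to see here"
    h_evil, h_benign = (hashlib.sha256(b).hexdigest() for b in (evil, benign))
    tampered_key = "0" * 64
    objects = {
        f"{h_evil[0:2]}/{h_evil[2:4]}/{h_evil[4:6]}/{h_evil}": evil,  # hash_pathing
        h_benign: benign,                                           # flat layout
        tampered_key: b"does not hash to its key",
        "manifest.json": b"{}",
    }
    return FakeS3(objects), {"evil": h_evil, "benign": h_benign, "tampered": tampered_key}


def run_demo():
    s3, labels = build_demo_bucket()
    return hunt(s3, "mwdb-samples", DEMO_RULES), labels
```

`run_demo()` returns the report plus the constructed hashes; with a real client you would pass a `boto3.client("s3")` and the bucket from your mwdb.ini in place of `FakeS3`. Two checks worth keeping in a real hunt: follow `NextContinuationToken` so the hunt does not stop at the first page, and verify each object's SHA256 against its key before reporting, since the key is the only thing tying an S3 object back to an MWDB sample. This is a linear scan of every object, which is exactly the slow path mquery's index is meant to avoid, so on a large bucket split it by prefix and run the prefixes in parallel.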

@c3rb3ru5d3d53c

I've figured out how to do this, you can DM me on twitter :)

psrok1 (Member) commented Mar 15, 2022

Hi! Currently mquery is integrated with mwdb.cert.pl via plugin that needs to be set up on both sides.
We definitely plan to publish it and it's already shared with some people, but I want to improve it a bit before we make it public.

I'll notify you in this thread when we make any progress on that.

@psrok1 psrok1 added type:question Further information is requested zone:integrations Tasks related with plugins and integrations labels Mar 15, 2022
@sustefil (Author)

@psrok1 Thank you! I will patiently wait for this nice feature to come :)

@lazydaemon

> [not a CERTPL member] Hey! :) MQuery can work on top of S3 so you can easily set up MQuery and retro hunt on your MWDB S3-hosted files.
> We do this @ Check Point and it works great

How is the performance and how many samples do you check?

@jeremyng123

> Hi! Currently mquery is integrated with mwdb.cert.pl via plugin that needs to be set up on both sides. We definitely plan to publish it and it's already shared with some people, but I want to improve it a bit before we make it public.
>
> I'll notify you in this thread when we make any progress on that.

Hello!! Are there any updates on the plugin? I tried searching but couldn't find it. :)

6 participants