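# Assemblyline service manifest for the IntezerStatic service: it looks up the
# submitted file's sha256 against the Intezer Analyze API and maps the verdict
# and raised signatures onto Assemblyline heuristics.
#
# Rendered-page indentation was lost; nesting restored below. Values are
# unchanged except where a comment says otherwise.
name: IntezerStatic
version: $SERVICE_TAG
description: Fetch the Intezer results of the submitted file's sha256
# TODO: From the Intezer user guide. Note that `accepts: .*` below is broader
# than this list, so unsupported types are still sent to the API (and, with
# `try_to_download_every_file`, potentially uploaded) and will be rejected or
# produce no result there. Consider narrowing `accepts` to these types.
# The following file formats are currently supported:
# • Windows Executable Files (PE) – .exe, .dll, .sys – native x86, native x64 and .NET.
# • Linux Executable Files (ELF) – native x86, native x64, ARM32, ARM64
# • Compressed files that contain one file – Zip, RAR, TAR, 7-Zip
# • Android applications (APK)
# • Installers – msi, trusted installer, Inno setup...
# • Microsoft Office – doc, xls, ppt, etc.
# • PDF
# • Scripts – powershell, vbs, js
accepts: .*
rejects: empty|metadata/.*
stage: CORE
category: External
file_required: true
# Per-task budget in seconds; this is the only hard bound on a lookup, since
# `retry_forever` below keeps retrying API failures until the task times out.
timeout: 60
# Cached results are keyed on the file hash. Intezer verdicts for a hash can
# change over time, so leave caching off if you need fresh verdicts on resubmit.
disable_cache: false
# Disabled by default: a real API key must be configured before enabling.
enabled: false
is_external: false
licence_count: 0

config:
  # Don't forget the /api/ at the end of the URL!
  # HTTPS endpoint; for on-premise deployments point this at the local
  # appliance and set `is_on_premise` accordingly.
  base_url: https://analyze.intezer.com/api/
  api_version: v2-0
  # Placeholder only. Never commit a real key here — override it in the
  # service configuration of the deployment (this value is also shown to
  # service administrators in the UI, so treat it as a secret at that layer).
  api_key: sample_api_key
  # When true, only results from private (your own) analyses are used.
  private_only: false
  is_on_premise: false
  # Retries API errors indefinitely, bounded only by `timeout` above.
  retry_forever: true
  # When true, files with no existing Intezer result are uploaded to Intezer.
  # This sends submitted samples to a third party; keep false unless your
  # data-handling policy allows it.
  try_to_download_every_file: false

submission_params:
  # Optional: reuse a specific Intezer analysis instead of looking up by hash.
  - default: ""
    name: analysis_id
    type: str
    value: ""

heuristics:
  - heur_id: 1
    name: File is malicious
    score: 1000
    filetype: .*
    description: Intezer considers this file malicious
  - heur_id: 2
    name: File is suspicious
    score: 500
    filetype: .*
    description: Intezer considers this file suspicious
  - heur_id: 3
    name: Family Type of Interest
    score: 100
    filetype: .*
    description: Intezer identified a file (or sub-file) that is associated with a family type of interest
  # Heuristics 4-11 are informational (score 0). The names of 5-11 appear to
  # mirror MITRE ATT&CK tactic names; the descriptions are generic and could
  # be made tactic-specific for analysts.
  - heur_id: 4
    name: Generic signature raised
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 5
    name: Command And Control
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 6
    name: Credential Access
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 7
    name: Defense Evasion
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 8
    name: Discovery
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 9
    name: Execution
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 10
    name: Persistence
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 11
    name: Collection
    score: 0
    filetype: .*
    description: Intezer raised a signature

docker_config:
  # Required to reach `config.base_url`. Where the cluster supports egress
  # policy, restrict this container's outbound traffic to that host only.
  allow_internet_access: true
  image: ${REGISTRY}cccs/assemblyline-service-intezer-static:$SERVICE_TAG
  cpu_cores: 0.5
  ram_mb: 256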