[Oisf-devel] filemd5?

Martin Holste mcholste at gmail.com
Thu Feb 16 18:20:37 UTC 2012


The first one: a growing single file or socket of JSON lines which a
script can read from and execute actions based on.  I'd be happy to
write such a script for plugins like CIF, Virustotal and malwr.com.

On Thu, Feb 16, 2012 at 12:17 PM, Victor Julien <victor at inliniac.net> wrote:
> On 02/16/2012 05:59 PM, Martin Holste wrote:
>> Regarding the Virustotal stuff, absolutely, though I don't think that
>> should be OISF's job to code.  That's a great place to put a script to
>> asynchronously handle the output from Suricata.  That's why a JSON
>> output would be perfect for piping to something that can do all of the
>> heavy-lifting and custom stuff in a script.  CIF, Virustotal, Cuckoo,
>> DLP--those are all easy tasks if you've got an ever-growing JSON
>> stream of md5's.
>
> So this json stream would be a single log file / unix socket
> continuously updated with the latest records? Your script would just tail
> it and do its business?
>
> Or are you looking for per file json files like how we do the .meta
> files now?
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
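One shape of the tail-and-dispatch consumer Martin describes: a reader that takes chunks from a growing JSON-lines file or socket, copes with a record that has only been partially written at read time, and hands each new md5 to plugin handlers once. This is an added example, not code from the thread or from Suricata; the record field names, the constructed sample stream and the stub handlers are assumptions.

```python
import json

# Constructed sample of a JSON-lines file stream; the last record is deliberately
# cut off to mimic a line that was still being written when the tail read it.
# Field names are assumptions, not Suricata's actual file-log format.
SAMPLE_STREAM = (
    '{"event_type":"file","filename":"a.exe","md5":"d41d8cd98f00b204e9800998ecf8427e","size":0}\n'
    '{"event_type":"file","filename":"b.pdf","md5":"9e107d9d372bb6826bd81d3542a419d6","size":1024}\n'
    '{"event_type":"file","filename":"a2.exe","md5":"d41d8cd98f00b204e9800998ecf8427e","size":0}\n'
    '{"event_type":"file","filename":"c.doc","md5":"e4d909c290d0fb1ca068ffaddf22cbd0"'
)

class Md5StreamConsumer:
    def __init__(self, handlers):
        self.handlers = handlers   # plugin name -> callable(record), e.g. CIF, Virustotal
        self.seen = set()          # md5s already dispatched, so each hash is looked up once
        self.buffer = ""           # incomplete trailing line carried over between reads
        self.dispatched = []       # (plugin name, md5) pairs, for inspection

    def feed(self, chunk):
        """Consume whatever text a tail or socket read just delivered."""
        self.buffer += chunk
        *lines, self.buffer = self.buffer.split("\n")  # keep the unterminated tail
        for line in lines:
            if not line.strip():
                continue
            try:
                rec = json.loads(line)
            except ValueError:
                continue  # malformed line: skip it rather than stop consuming the stream
            self.handle(rec)

    def handle(self, rec):
        md5 = rec.get("md5")
        if rec.get("event_type") != "file" or not md5 or md5 in self.seen:
            return
        self.seen.add(md5)
        for name, fn in self.handlers.items():
            fn(rec)
            self.dispatched.append((name, md5))

def demo():
    """Feed the sample in two chunks so the partial-record case is exercised."""
    results = {}
    def stub(name):  # hypothetical plugin: records the md5 instead of calling a service
        return lambda rec: results.setdefault(name, []).append(rec["md5"])
    consumer = Md5StreamConsumer({"cif": stub("cif"), "virustotal": stub("virustotal")})
    consumer.feed(SAMPLE_STREAM)           # three complete records, one partial
    consumer.feed(',"size":2048}\n')       # rest of the partial record arrives
    return consumer, results
```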
