[Oisf-devel] filemd5?
James Pleger
jpleger at gmail.com
Thu Feb 16 18:28:28 UTC 2012
I could also help writing some example apps and/or documentation on methods
to use it.
On Thu, Feb 16, 2012 at 1:20 PM, Martin Holste <mcholste at gmail.com> wrote:
> The first one: a growing single file or socket of JSON lines which a
> script can read from and execute actions based on. I'd be happy to
> write such a script for plugins like CIF, Virustotal and malwr.com.
>
> On Thu, Feb 16, 2012 at 12:17 PM, Victor Julien <victor at inliniac.net>
> wrote:
> > On 02/16/2012 05:59 PM, Martin Holste wrote:
> >> Regarding the Virustotal stuff, absolutely, though I don't think that
> >> should be OISF's job to code. That's a great place to put a script to
> >> asynchronously handle the output from Suricata. That's why a JSON
> >> output would be perfect for piping to something that can do all of the
> >> heavy-lifting and custom stuff in a script. CIF, Virustotal, Cuckoo,
> >> DLP--those are all easy tasks if you've got an ever-growing JSON
> >> stream of md5's.
> >
> > So this json stream would be a single log file / unix socket
> > continuously updated with the latest records? Your script would just tail
> > it and do its business?
> >
> > Or are you looking for per file json files like how we do the .meta
> > files now?
> >
> > --
> > ---------------------------------------------
> > Victor Julien
> > http://www.inliniac.net/
> > PGP: http://www.inliniac.net/victorjulien.asc
> > ---------------------------------------------
> >
> > _______________________________________________
> > Oisf-devel mailing list
> > Oisf-devel at openinfosecfoundation.org
> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>
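The "single growing file of JSON lines" option discussed in this thread, sketched as a consumer script. This is an added example, not code from the thread or from Suricata; the record keys `md5` and `filename`, the class name and the handler signature are assumptions, and real lookups (CIF, Virustotal and so on) would be plugged in as handlers.

```python
import json, re, sys, time

MD5_RE = re.compile(r"[0-9a-f]{32}")  # assumed: md5 is logged as 32 hex characters

class Md5StreamReader:
    """Follow an append-only JSON-lines file and hand each new MD5 to handlers.

    Assumed record shape (not defined in the thread): one JSON object per
    line carrying an "md5" key, e.g. {"md5": "...", "filename": "..."}.
    """

    def __init__(self, path, handlers):
        self.path = path
        self.handlers = handlers   # callables taking (md5, record)
        self.offset = 0            # bytes of the file consumed so far
        self.partial = b""         # trailing bytes of a line still being written
        self.seen = set()          # MD5s already dispatched

    def poll(self):
        """Consume what was appended since the last call; return newly seen MD5s."""
        with open(self.path, "rb") as fh:
            if fh.seek(0, 2) < self.offset:    # file shrank: truncated or rotated
                self.offset, self.partial = 0, b""
            fh.seek(self.offset)
            data = self.partial + fh.read()
            self.offset = fh.tell()
        *lines, self.partial = data.split(b"\n")   # last piece has no newline yet
        new = []
        for line in lines:
            try:
                rec = json.loads(line)
            except ValueError:                 # torn, empty or non-JSON line
                continue
            md5 = str(rec.get("md5", "")).lower() if isinstance(rec, dict) else ""
            if not MD5_RE.fullmatch(md5) or md5 in self.seen:
                continue                       # never pass unvalidated text onward
            self.seen.add(md5)
            for handler in self.handlers:
                handler(md5, rec)
            new.append(md5)
        return new

if __name__ == "__main__":
    # Usage: python follow_md5.py /path/to/stream.json (path is a placeholder)
    reader = Md5StreamReader(sys.argv[1], [lambda md5, rec: print(md5, rec)])
    while True:
        reader.poll()
        time.sleep(1)
```

Rotation is detected only by the file shrinking, and the `seen` set grows without bound, so a long-running deployment would need inode tracking and an expiry policy on top of this.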