# Service identity and scheduling. This is a POST-stage service (see `stage`
# and `description`): it runs after the other services on a submission and
# scores the tags they produced, so its result depends on their output.
name: TagCheck
# Expected to be substituted at build/deploy time (same token is used for the
# container image tags below).
version: $SERVICE_TAG
description: A post-service that compares all TAGs generated by an AL result to a signature set using the yara externals feature.
# File-type selectors, as regexes: everything is accepted except empty files
# and the metadata/* pseudo-types.
accepts: .*
rejects: empty|metadata/.*
stage: POST
category: Static Analysis
# NOTE(review): the description says the service keys off tags, not file
# content — confirm the sample itself is needed inside the container; if it is
# not, `false` avoids shipping the file to a service that only reads results.
file_required: true
# Presumably seconds — verify against the service framework.
timeout: 60
# NOTE(review): a cached result for this service reflects the tags that were
# present on the *first* run; if upstream services change, a cached TagCheck
# verdict may go stale — confirm caching is intended for a POST-stage service.
disable_cache: false
enabled: true
is_external: false
licence_count: 0
# NOTE(review): this is the broadest grant in the manifest. A privileged
# service presumably bypasses the service API and reaches core components
# directly; confirm the three `uses_*` inputs below cannot be satisfied
# without it.
privileged: true
# Inputs pulled from the submission rather than from the file: the tags it
# scores (per the description), plus submission metadata and temporary
# submission data (presumably also consumed by the rules — verify).
uses_tags: true
uses_metadata: true
uses_temp_submission_data: true
# One heuristic per TagCheck rule group; which one a matching rule raises is
# presumably selected from the rule's own metadata — verify in the rule set.
# Scores follow the usual AL heuristic scale: Safe is the only negative entry
# (-1000), Malware and Threat Level 10 both carry the maximum (1000), and the
# Threat Level N entries form a linear 100*N ladder. `filetype: "*"` must stay
# quoted: a bare `*` would start a YAML alias.
heuristics:
  - heur_id: 1
    name: Info
    score: 1
    filetype: "*"
    description: TagCheck rule - Info group
  - heur_id: 2
    name: Technique
    score: 100
    filetype: "*"
    description: TagCheck rule - Technique group
  - heur_id: 3
    name: Exploit
    score: 500
    filetype: "*"
    description: TagCheck rule - Exploit group
  - heur_id: 4
    name: Tool
    score: 500
    filetype: "*"
    description: TagCheck rule - Tool group
  - heur_id: 5
    name: Malware
    score: 1000
    filetype: "*"
    description: TagCheck rule - Malware group
  # The only negative score: a Safe match lowers the submission's verdict.
  - heur_id: 6
    name: Safe
    score: -1000
    filetype: "*"
    description: TagCheck rule - Safe group
  # Threat Level 1..10 map to scores 100..1000 in steps of 100.
  - heur_id: 7
    name: Threat Level 1
    score: 100
    filetype: "*"
    description: TagCheck rule - Threat level 1
  - heur_id: 8
    name: Threat Level 2
    score: 200
    filetype: "*"
    description: TagCheck rule - Threat level 2
  - heur_id: 9
    name: Threat Level 3
    score: 300
    filetype: "*"
    description: TagCheck rule - Threat level 3
  - heur_id: 10
    name: Threat Level 4
    score: 400
    filetype: "*"
    description: TagCheck rule - Threat level 4
  - heur_id: 11
    name: Threat Level 5
    score: 500
    filetype: "*"
    description: TagCheck rule - Threat level 5
  - heur_id: 12
    name: Threat Level 6
    score: 600
    filetype: "*"
    description: TagCheck rule - Threat level 6
  - heur_id: 13
    name: Threat Level 7
    score: 700
    filetype: "*"
    description: TagCheck rule - Threat level 7
  - heur_id: 14
    name: Threat Level 8
    score: 800
    filetype: "*"
    description: TagCheck rule - Threat level 8
  - heur_id: 15
    name: Threat Level 9
    score: 900
    filetype: "*"
    description: TagCheck rule - Threat level 9
  - heur_id: 16
    name: Threat Level 10
    score: 1000
    filetype: "*"
    description: TagCheck rule - Threat level 10
# Container that runs the scanning service itself. No `allow_internet_access`
# is set here; only the updater container under `dependencies.updates` appears
# to need egress (it fetches the rule set from `update_config.sources`).
docker_config:
  image: ${REGISTRY}cccs/assemblyline-service-tagcheck:$SERVICE_TAG
  cpu_cores: 0.5
  ram_mb: 2048
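# Sidecar that downloads and serves the rule set. It is the one component of
# this service with both internet egress and core-level access, so it is the
# part to scrutinise first.
dependencies:
  updates:
    container:
      # Required to reach the external rule source listed in
      # `update_config.sources`; `docker_config` (the scanner) sets no such flag.
      allow_internet_access: true
      command: ["python", "-m", "tagcheck.update_server"]
      # Same image as the scanner; only the entrypoint differs.
      image: ${REGISTRY}cccs/assemblyline-service-tagcheck:$SERVICE_TAG
      # Quoted so the port stays a string rather than an integer.
      ports: ["5003"]
      cpu_cores: 2
      ram_mb: 4096
    # NOTE(review): run_as_core presumably lets the updater talk to core
    # components directly (it generates signatures, see `update_config`);
    # combined with `allow_internet_access` above this is the most exposed
    # container in the manifest — confirm the flag is still required.
    # Written as lowercase `true`: the original `True` is only a boolean under
    # YAML 1.1 loaders and fails yamllint's truthy rule.
    run_as_core: true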
# Rule-set update policy consumed by the updater under `dependencies.updates`.
update_config:
  # The update server emits signatures (the TagCheck rule set) rather than
  # only mirroring files.
  generates_signatures: true
  # NOTE(review): integrity of the downloaded rules rests on the TLS connection
  # to this bucket alone — no checksum, signature or pin is declared here, so
  # whoever can write to the bucket controls what TagCheck scores. Consider
  # verifying the rule set out of band before trusting it in scoring.
  sources:
    - name: CCCS
      uri: https://assemblyline-support.s3.amazonaws.com/tagcheck.rules
      # Regex, presumably matched against the fetched file name(s). Backslash
      # is literal in a plain YAML scalar, so `\.` reaches the regex unchanged.
      pattern: .*tagcheck\.rules
  update_interval_seconds: 86400 # 24 hours
  # The service is started without waiting for the first download. Until the
  # rules land, scans presumably run against whatever rule set is already
  # present (possibly none) — verify that an empty initial rule set is
  # acceptable.
  wait_for_update: false