Enhance the Dispatcher to support multiple types of "Analyser" lambdas based on the type of file to be processed. This would support a generalized file analysis platform that could handle binary files in multiple ways (YARA or other static/dynamic analysis) as well as other forensic artifacts (configuration files, memory captures, etc.).
One possible approach would be to have the Dispatcher retrieve S3 metadata for each object. A key:value pair would define the specific parser to use (by name, or perhaps substring of ARN). Dispatcher would use the Lambda API (ListFunctions) to discover which lambdas it had access to and could support. It would then dispatch the file to one (or multiple) lambdas that matched the metadata and were available.
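Added example, not part of the original issue or BinaryAlert's own code: a sketch of the routing step proposed above, written so that uploader-controlled S3 metadata can only select analyzers by exact name from the discovered set, never by ARN substring. The metadata key `analyzers`, the `binaryalert_analyzer_` naming prefix, the `yara` fallback and the sample ARNs are all assumptions; the inputs mirror the `Metadata` dict from `head_object` and the `Functions` list from `list_functions` in boto3.

```python
import re

METADATA_KEY = "analyzers"             # hypothetical key (sent as x-amz-meta-analyzers)
NAME_PREFIX = "binaryalert_analyzer_"  # hypothetical naming convention for analyzer Lambdas
DEFAULT_ANALYZER = "yara"              # assumed fallback when metadata selects nothing valid
_TOKEN = re.compile(r"[a-z0-9_]{1,32}")


def available_analyzers(functions):
    """Map short analyzer name -> ARN, keeping only functions with the expected prefix.

    `functions` has the shape of the 'Functions' list from Lambda ListFunctions.
    """
    return {
        fn["FunctionName"][len(NAME_PREFIX):]: fn["FunctionArn"]
        for fn in functions
        if fn["FunctionName"].startswith(NAME_PREFIX)
    }


def select_targets(metadata, functions):
    """Return (sorted ARNs to invoke, rejected tokens) for one S3 object.

    `metadata` is set by whoever uploaded the object, so each token must be
    well-formed and match a discovered analyzer name exactly.
    """
    analyzers = available_analyzers(functions)
    raw = metadata.get(METADATA_KEY, "")
    tokens = [t.strip().lower() for t in raw.split(",") if t.strip()]
    targets, rejected = set(), []
    for token in tokens:
        if _TOKEN.fullmatch(token) and token in analyzers:
            targets.add(analyzers[token])
        else:
            rejected.append(token)  # worth logging: unknown or malformed request
    if not targets and DEFAULT_ANALYZER in analyzers:
        targets.add(analyzers[DEFAULT_ANALYZER])
    return sorted(targets), rejected


# Constructed sample data; the account id and function names are not real resources.
_ARN = "arn:aws:lambda:us-east-1:111111111111:function:"
SAMPLE_FUNCTIONS = [
    {"FunctionName": n, "FunctionArn": _ARN + n}
    for n in ("binaryalert_analyzer_yara", "binaryalert_analyzer_memory", "billing_export")
]

if __name__ == "__main__":
    print(select_targets({"analyzers": "memory, yara"}, SAMPLE_FUNCTIONS))
    print(select_targets({"analyzers": "billing_export"}, SAMPLE_FUNCTIONS))
```

Rejected tokens are returned rather than silently dropped so the Dispatcher can log objects whose metadata asks for a function outside the analyzer set.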
Great idea! For at least the next quarter or two, we will be focusing on getting the most value out of the YARA analysis. Supporting a wide variety of other analysis types, while useful, is out of our scope for now.
For now, it may be easiest to fork BinaryAlert and add your own analysis stages on top of it. We'd certainly be happy to consider incorporating the extra analysis stages at some time in the future!