EngineObjectInterface

Interface: Engine Object

Create an object implementing this interface to send binary data to an analysis engine other than the built-in YARA one in order to find Indicators of Compromise (IOCs).

Your object must implement all methods defined in this reference.

analyze method

def analyze(self, binary_metadata):

This method is called from the main analysis loop to analyze binary data, once for each item being analyzed.

Parameters:

binary_metadata (type: dict) - The metadata for the file being analyzed. This information will always conform to the BinaryMetadata schema.

Returns:

(type: dict) The response from your engine's analysis of the binary data. This return value must conform to the EngineResponse schema. (It will be verified after it's returned from your engine object.)

Information here is current as of Carbon Black Cloud Binary Toolkit 1.0.0

CBC Binary Toolkit

Home
Performance Metrics
User Guide
Developer Guide
- Replace Components
  - Analysis Engine
  - Persistence System
- Architecture Overview
- Schemas
- Interfaces
Glossary

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

EngineObjectInterface

Interface: Engine Object

analyze method

CBC Binary Toolkit

Clone this wiki locally