Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

linter: allow capa rules to specify dynamic sandbox trace files for example files #2410

Closed
mike-hunhoff opened this issue Sep 26, 2024 · 4 comments
Closed

linter: allow capa rules to specify dynamic sandbox trace files for example files #2410

mike-hunhoff opened this issue Sep 26, 2024 · 4 comments
Labels
dynamic related to dynamic analysis flavor enhancement New feature or request

Comments

@mike-hunhoff
Copy link
Collaborator

No description provided.

@mike-hunhoff mike-hunhoff added enhancement New feature or request dynamic related to dynamic analysis flavor labels Sep 26, 2024
@mr-tz
Copy link
Collaborator

mr-tz commented Sep 30, 2024

Since we index all test samples also by filename this actually works already like:

...
examples:
  - 2f8a79b12a7a989ac7e5f6ec65050036588a92e65aeb6841e08dc228ff0e21b4_min_archive.zip

We only have to determine and document what data to list. I'd initially say it's fine to just list the file without any details on the pid, tid, callid, etc.

@mr-tz
Copy link
Collaborator

mr-tz commented Sep 30, 2024

One downside is that the dynamic VMRay test files tend to be relatively large (a few MB to several dozen MB).

@mike-hunhoff
Copy link
Collaborator Author

One downside is that the dynamic VMRay test files tend to be relatively large (a few MB to several dozen MB).

We'd also want to enforce users to leverage our VMRay minify script when adding new VMRay archives.

@mr-tz mr-tz mentioned this issue Oct 3, 2024
Open
@mr-tz
Copy link
Collaborator

mr-tz commented Oct 3, 2024

this works, see e.g. mandiant/capa-rules#938

@mr-tz mr-tz closed this as completed Oct 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dynamic related to dynamic analysis flavor enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mr-tz @mike-hunhoff