It should be noted that, for now, analysis may be abandoned at any time due to the current development process. The recent addition of the Statistics Page (Brad's Fork, what my code is based on) made database changes. At this point it's easiest to just wipe the slate and start with fresh databases. This will eventually be updated and more stable. There are future plans to incorporate IDS alerting via Snort/Suricata which may require future database changes for MongoDB. So, just to reiterate, analysis data is currently volatile.
The current setup is using KVM and Libvirt with Cuckoo. At the moment there is only one VM, but in the future I am planning on expanding to five. Currently the VM(s) will have the following software installed:
- .NET 4.5.2
- Adobe Flash 16.0.0.305
- Adobe Reader 11.0.10
- Google Chrome 40.0.2214.111 m
- Java 7u25
- Mozilla Firefox 35.0.1
- Office 2010 (Macros configured to auto-run)
- Word
- Excel
- PowerPoint
- Outlook
Feel free to reach out to me if you have any requests.
On the host tab, could an IP that has not come from a DNS lookup be bolded?
ReplyDeleteSay for example when a host makes a raw connect to an IP rather than doing a DNS lookup prior?
ReplyDeleteyes, the direct tab looks good!
ReplyDeleteBrad is the original author of that code. :)
ReplyDelete