Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Response Action for generic submission of files to sandbox #357

Open
oi-m8 opened this issue Aug 12, 2021 · 1 comment
Open

Response Action for generic submission of files to sandbox #357

oi-m8 opened this issue Aug 12, 2021 · 1 comment
Assignees
@yugoslavskiy
Labels
RA-dev Response Action development

Comments

@oi-m8
Copy link

oi-m8 commented Aug 12, 2021

Many organisations tend to have an on-prem or online service that provides a sandbox for detonation of potentially malicious files. Would it be a good idea to have a RA for a generic submission of a file to a service like this?
@oi-m8 oi-m8 mentioned this issue Aug 12, 2021
Closed
@yugoslavskiy yugoslavskiy added the RA-dev Response Action development label Aug 23, 2021
@yugoslavskiy yugoslavskiy self-assigned this Aug 23, 2021
@yugoslavskiy
Copy link
Member

Hello @oi-m8! Thank you very much for your contribution! I am sorry for the delayed response.
We had a discussion on a similar proposal here:

Response actions should be more generic (tool agnostic).

At the moment there are multiple RAs for file analysis (RA2313: Analyse Windows PE, RA2315: Analyse Unix ELF etc).
Sandbox, RE, strings etc — these are all methods of file analysis, and could be a part of future sub-actions.

I will close the PR, but let's keep the issue open and get back to it as soon as we will move to sub-actions.

Thank you once again 🙏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yugoslavskiy yugoslavskiy

Labels
RA-dev Response Action development
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@oi-m8 @yugoslavskiy