Hi everyone!
I updated the post attaching the PPT used during my presentation at the RSA TechFest 2016. Everything that you need to know about the integration process that I developed is available in the file attached.
This is a simple post to show how to integrate the RSA Malware Analysis with the Cuckoo Sandbox solution.
You will need:
- RSA Security Analytics for Packet with Malware Analysis
- Cuckoo Sandbox (local)
First, enable the File Sharing Protocol under Service -> Malware Analysis -> Config and apply the change.
After that, connect over SSH to your RSA Malware Analysis appliance and change the share name from File Store to repository. This is only to remove the space from the share name.
Apply the change and restart the smb service.
Now connect over SSH to your Cuckoo Sandbox (local) and run the steps below:
- Install the mount.cifs package
- Make a directory /mnt/rsamalware
- Create a script file rsamalware.sh (image below) in Cuckoo’s utils directory and make it executable. Note: replace your_rsa_malware with the correct IP address
Finally, add a cron job to run the script every 5 minutes (the interval used here); you can adjust the interval to whatever suits your environment.
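As an added illustration of what such a script does (a reconstruction, not the original rsamalware.sh from the post or an RSA-provided script), the following mounts the renamed repository share read-only, submits every file not seen before to Cuckoo, and records a content hash so a cron run every 5 minutes never resubmits the same sample. The Cuckoo submit.py path, the credentials file, the state file, and the lock directory are assumptions.

```shell
#!/bin/sh
# rsamalware.sh (reconstruction, not the post's original script): pull files that
# RSA Malware Analysis drops on its "repository" CIFS share and submit new ones to Cuckoo.
# Assumed: submit.py location, CIFS credentials file, state file and lock directory.
RSA_HOST="${RSA_HOST:-your_rsa_malware}"         # replace with the Malware Analysis IP
SHARE="//${RSA_HOST}/repository"                  # share renamed from "File Store"
MOUNT_POINT="${MOUNT_POINT:-/mnt/rsamalware}"
CUCKOO_SUBMIT="${CUCKOO_SUBMIT:-/opt/cuckoo/utils/submit.py}"   # assumed install path
STATE_FILE="${STATE_FILE:-/var/lib/rsamalware/submitted.txt}"   # "<sha256> <path>" per line
LOCK_DIR="${LOCK_DIR:-/var/lock/rsamalware}"

mount_share() {   # idempotent: a cron run while the share is still mounted is a no-op
  mountpoint -q "$MOUNT_POINT" && return 0
  mount -t cifs "$SHARE" "$MOUNT_POINT" -o ro,credentials=/root/.rsa_cifs.cred
}

file_id() { sha256sum "$1" | cut -d' ' -f1; }   # content hash: renamed copies are not resubmitted

already_submitted() { [ -f "$STATE_FILE" ] && grep -q "^$1 " "$STATE_FILE"; }

state_count() { if [ -f "$STATE_FILE" ]; then wc -l < "$STATE_FILE" | tr -d ' '; else echo 0; fi; }

# Submit every regular file under $1 whose hash is not yet recorded; print how many were submitted.
sync_new_files() {
  before=$(state_count)
  find "$1" -type f | sort | while IFS= read -r f; do
    id=$(file_id "$f")
    if already_submitted "$id"; then continue; fi
    if "$CUCKOO_SUBMIT" "$f" >/dev/null 2>&1; then
      printf '%s %s\n' "$id" "$f" >> "$STATE_FILE"   # record only after a successful submission
    fi
  done
  after=$(state_count)
  echo $((after - before))
}

main() {
  mkdir "$LOCK_DIR" 2>/dev/null || exit 0          # previous 5-minute run still going: skip
  trap 'rmdir "$LOCK_DIR"' EXIT
  mkdir -p "$MOUNT_POINT" "$(dirname "$STATE_FILE")"
  mount_share || { echo "cannot mount $SHARE" >&2; exit 1; }
  sync_new_files "$MOUNT_POINT"
}

# Run only when executed as the cron script, not when sourced for testing.
if [ "${0##*/}" = "rsamalware.sh" ]; then main "$@"; fi
```

The cron entry for the interval in the post would be `*/5 * * * * /path/to/cuckoo/utils/rsamalware.sh`; a submission that fails is left unrecorded so the next run retries it.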
Thanks, this looks really interesting. I'm assuming the results from Cuckoo don't come back into Malware Analysis as scores? I.e. this just pushes one way, right?