Luiz Borges

How to integrate the RSA Malware Analysis with the Cuckoo Sandbox

Discussion created by Luiz Borges on May 22, 2015
Latest reply on Oct 23, 2017 by Luiz Borges

Hi everyone!

 

I updated the post attaching the PPT used during my presentation at the RSA TechFest 2016. Everything that you need to know about the integration process that I developed is available in the file attached.

 

This is a simple post showing how to integrate RSA Malware Analysis with the Cuckoo Sandbox.

 

You will need:

 

  • RSA Security Analytics for Packet with Malware Analysis
  • Cuckoo Sandbox (local)

 

First, enable the File Sharing Protocol under Service -> Malware Analysis -> Config, then apply the change.

 

[screenshot]

 

After that, connect via SSH to your RSA Malware Analysis host and rename the share from "File Store" to "repository". This is done only to remove the space from the share name.

 

[screenshot]

 

Apply the change and restart the smb service.

 

Now connect via SSH to your (local) Cuckoo Sandbox and run the steps below:

 

  • Install the package that provides mount.cifs (cifs-utils on Debian/Ubuntu)
  • Create the directory /mnt/rsamalware
  • Create a script rsamalware.sh (shown in the image below) in Cuckoo's utils directory and make it executable. Note: replace your_rsa_malware with the IP address of your RSA Malware Analysis host

 

[screenshot]

 

Finally, add a cron job that runs the script every 5 minutes (the interval used here). Adjust the interval to whatever suits your own environment.
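The steps above, as one complete script. This is an added example and not the rsamalware.sh shown in the post's screenshot; it assumes the share has been renamed to repository, a Cuckoo 1.x install under /opt/cuckoo whose utils/submit.py accepts a file path, a mount.cifs credentials file, and the variable names and paths used below (RSA_HOST, CREDS, STATE_FILE, LOCK_FILE), all of which are my own choices rather than anything from the original post.

```shell
#!/bin/sh
# rsamalware.sh: pull new samples from the RSA Malware Analysis share into Cuckoo.
# Added example; not the script from the original post. Assumes the share was
# renamed "repository", Cuckoo 1.x is installed under /opt/cuckoo (submit.py in
# utils/), and SMB credentials live in a 0600 file (username=..., password=...).
set -eu

RSA_HOST="${RSA_HOST:-your_rsa_malware}"                 # IP of the RSA Malware Analysis host
SHARE="//${RSA_HOST}/repository"                         # share renamed from "File Store"
MOUNT_POINT="${MOUNT_POINT:-/mnt/rsamalware}"
CREDS="${CREDS:-/root/.rsamalware.cred}"                 # keeps the password out of ps/mount output
CUCKOO_SUBMIT="${CUCKOO_SUBMIT:-python /opt/cuckoo/utils/submit.py}"
STATE_FILE="${STATE_FILE:-/var/lib/rsamalware/submitted.sha256}"  # one SHA-256 per line
LOCK_FILE="${LOCK_FILE:-/var/lock/rsamalware.lock}"

# Mount the share once, read-only and non-executable: the sandbox host must never
# be able to modify evidence on the appliance or accidentally run a sample from it.
mount_share() {
    if ! mountpoint -q "$MOUNT_POINT"; then
        mount -t cifs -o ro,noexec,nosuid,nodev,credentials="$CREDS" "$SHARE" "$MOUNT_POINT"
    fi
}

# Submit every regular file under $1 whose SHA-256 is not yet recorded, then
# print the number of newly submitted files. A hash is recorded only after a
# successful submission, so a failed submit is retried on the next run.
submit_new_samples() {
    sample_dir="$1"
    submitted=0
    mkdir -p "$(dirname "$STATE_FILE")"
    touch "$STATE_FILE"
    listing=$(mktemp)
    find "$sample_dir" -type f > "$listing"      # one path per line (newlines in names unsupported)
    while IFS= read -r sample; do
        digest=$(sha256sum "$sample" | cut -d' ' -f1)
        if grep -qx "$digest" "$STATE_FILE"; then
            continue                             # already sent to Cuckoo on an earlier run
        fi
        if $CUCKOO_SUBMIT "$sample" </dev/null >/dev/null; then
            echo "$digest" >> "$STATE_FILE"
            submitted=$((submitted + 1))
        else
            echo "submit failed: $sample" >&2
        fi
    done < "$listing"
    rm -f "$listing"
    echo "$submitted"
}

main() {
    # flock keeps overlapping cron runs from submitting the same sample twice
    exec 9> "$LOCK_FILE"
    flock -n 9 || { echo "previous run still in progress" >&2; exit 0; }
    mount_share
    n=$(submit_new_samples "$MOUNT_POINT")
    echo "submitted $n new sample(s) to Cuckoo"
}

# Cron entry (every 5 minutes), e.g. in root's crontab:
#   */5 * * * * /opt/cuckoo/utils/rsamalware.sh run >> /var/log/rsamalware.log 2>&1
if [ "${1:-}" = "run" ]; then
    main
fi
```

The share is mounted read-only with noexec so the sandbox host cannot alter the appliance's evidence or execute a sample in place, the SMB password comes from a credentials file instead of the mount command line, the lock prevents two cron runs from overlapping, and the hash file keeps a sample from being submitted more than once even if it stays on the share for days. On Cuckoo 2.x, set CUCKOO_SUBMIT to `cuckoo submit` instead of the 1.x utils/submit.py path.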

Outcomes