# Concourse pipelines for the pilot environment

These pipelines can be deployed in the Concourse CI pilot environment.

## Descriptions
| Pipeline name | Tools used | Description | Quick setup for the pilot environment |
|---|---|---|---|
| Email-pipeline | Honeynet Thug / Pywhois | | |
| PDF pipeline | PDFiD / PeePDF / JSunpack-n / shellcode analysis | The pipeline polls a GitLab repo for new files, analyses the documents and writes the results to another branch of the repo. Watch the VIDEO. | yes |
| Virustotal Pipeline | Suricata / iocextract / VirusTotal | This pipeline consumes pcap files from S3-compatible storage, archives the pcaps and analyses them with Suricata and VirusTotal. Note: a VirusTotal API key is required; the free public API key has a limit of 4 requests/min, which will slow down the pipeline. | |
| Cuckoo-pipeline | Cuckoo sandbox | Cuckoo provides a detailed report outlining the behaviour of files uploaded to the GitLab repository. | |
| Concourse Volatility Pipeline | Volatility | Concourse pipeline that uses Volatility to find hidden processes and exports their executables to a git repo. | |
| Cortex-Abuse_Finder Pipeline | Cortex Abuse_Finder | Concourse pipeline that uses the Cortex tool Abuse_Finder to analyse data such as an IP address, email address or URL. | |
| Phishing pipeline | | Captures screenshots and traffic from URLs mailed to the pipeline. | |
| MISP-integration | | Example script that uses the MISP ZMQ feed to listen for events with relevant attachments that could be further analysed with a CinCan pipeline. | |
| Thug pipeline | Honeynet Thug | Runs a honeyclient (Thug) on each URL in a file and stores the analysis files in a separate commit. | |
| PE-pipeline | Binwalk / PEframe / ClamAV / snowman-decompiler / python-extract-code / iocstrings / feature_extractor / ghidra / ssdeep / ssdc / osslsigncode | This pipeline analyses binary files. | yes |
| Fuzzy-comparison pipeline | | | |
| Document pipeline | ClamAV / PDFiD / PeePDF / JSunpack-n / shellcode / strings / oledump / olevba | The pipeline clones samples from a GitLab repo, sorts them into PDFs and other documents, and then runs the appropriate tools on the sample files. Watch the VIDEO. | yes |