Concourse pipelines for the pilot environment

These pipelines can be deployed in the Concourse CI pilot environment.

Descriptions

| Pipeline name | Tools used | Description | Quick setup for the pilot environment |
|---|---|---|---|
| Email-pipeline | Honeynet Thug / Pywhois | | |
| PDF pipeline | PDFiD / PeePDF / JSunpack-n / shellcode analysis | The pipeline polls for new files in a Gitlab repo, analyses the documents and writes the results to another branch of the repo. Watch the VIDEO. | yes |
| Virustotal Pipeline | Suricata / iocextract / Virustotal | This pipeline consumes pcap files from S3-compatible storage, archives the pcaps and analyses them with Suricata and Virustotal. Note: a Virustotal API key is required; the free public API key has a limit of 4 requests/min, which will slow down the pipeline. | |
| Cuckoo-pipeline | Cuckoo sandbox | Cuckoo provides a detailed report outlining the behaviour of files uploaded to the Gitlab repository. | |
| Concourse Volatility Pipeline | Volatility | Concourse pipeline that uses Volatility to find hidden processes and exports their executables to a git repo. | |
| Cortex-Abuse_Finder Pipeline | Cortex Abuse_Finder | Concourse pipeline that uses the Cortex tool Abuse_Finder to analyse data such as IP addresses, email addresses or URLs. | |
| Phishing pipeline | | Captures screenshots and traffic from URLs mailed to the pipeline. | |
| MISP-integration | | Example script that uses the MISP ZMQ feed to listen for events with relevant attachments that could be further analysed with a CinCan pipeline. | |
| Thug pipeline | Honeynet Thug | Runs a honeyclient (Thug) on each URL in a file and delivers the analysis files in a separate commit. | |
| PE-pipeline | Binwalk / PEframe / ClamAV / snowman-decompiler / python-extract-code / iocstrings / feature_extractor / ghidra / ssdeep / ssdc / osslsigncode | This pipeline analyses binary files. | yes |
| Fuzzy-comparison pipeline | | | |
| Document pipeline | ClamAV / PDFiD / PeePDF / JSunpack-n / shellcode / strings / oledump / olevba | The pipeline clones samples from a Gitlab repo, sorts the files into PDFs and other documents, and then runs the appropriate tools on the sample files. Watch the VIDEO. | yes |