Pipelines

Here is the list of Concourse CI pipelines created for the CinCan project.

The pipelines can be downloaded from GitLab.

You can set up the pilot environment and the pipelines by following the instructions on our GitLab wiki page.

Descriptions

| Pipeline name | Tools used | Description |
| --- | --- | --- |
| cuckoo-pipeline | Cuckoo sandbox | Cuckoo provides a detailed report outlining the behaviour of files uploaded to a GitLab repository. |
| document-pipeline | ClamAV / PDFiD / PeePDF / JSunpack-n / shellcode / strings / oledump / olevba | The pipeline clones the samples from a GitLab repo, sorts the files into PDFs and other documents, and then runs the appropriate tools on the sample files. Watch the video. |
| email-pipeline | | |
| MISP-integration | MISP | Example script that uses MISP ZMQ to listen for events with relevant attachments that could be further analysed with a CinCan pipeline. |
| pdf-pipeline | PDFiD / PeePDF / JSunpack-n / shellcode analysis | The pipeline polls a GitLab repo for new files, analyses the documents and writes the results to another branch of the repo. |
| virustotal-pipeline | Suricata / iocextract / VirusTotal | This pipeline consumes pcap files from S3-compatible storage, archives the pcaps and analyses the files with Suricata and VirusTotal. |
| volatility-pipeline-1 | Volatility | Concourse pipeline that uses Volatility to find hidden processes and export their executables to a git repo. |