Pipelines

Here is the list of Concourse CI pipelines created for the cincan project. The pipelines are downloadable at GitLab.

You can setup the pilot environment and pipelines with the instructions at our Gitlab page.


Descriptions

Pipeline name Tools used Description
cuckoo-pipeline Cuckoo sandbox Cuckoo will provide a detailed report outlining the behavior of filea uploaded to Gitlab repository
cortex-pipeline Cortex Abuse_Finder Concourse pipeline that uses Cortex tool Abuse_Finder to analyze data such as IP, email or url
document-pipeline ClamAV/PDFiD/PeePDF/JSunpack-n/shellcode/strings/oledump/olevba The pipeline clones the samples from a Gitlab repo, sorts files to PDF and other documents and then runs appropriate tools to the sample files. Watch the VIDEO
email-pipeline Honeynet Thug / Pywhois
MISP-integration Example script that uses MISP zmq to listen for events with relevant attachments that could be further analysed with some CinCan pipeline.
pdf-pipeline PDFiD / PeePDF / JSunpack-n / shellcode analysis. The pipeline polls for new files at a Gitlab repo, analyses the documents and writes the results to another branch of the repo.
smart-factory-18-pipeline Strings / PE-scanner / Cortex The pipeline tries to identify file type, then runs pe-scanner and strings, and finally Cortex results
thug-pipeline Honeynet Thug Run a honeyclient (thug) on each URL in a file, get the analysis files in a separate commit
virustotal-pipeline Suricata / iocextract / Virustotal This pipeline consumes pcap files from s3 resource compatibible storage, archives pcaps and analyzes the files with suricata and virustotal.
volatility-pipeline-1 Volatility Concourse pipeline that finds hidden processes and exports their executables to a git repo with Volatility.


Pipelines currently with easy setup for the pilot environment:

pdf-pipeline
document-pipeline