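---
# Name of the service
name: MetaDefender_Sandbox
# Version of the service ($SERVICE_TAG is substituted at build/deploy time)
version: $SERVICE_TAG
description: >-
  This Assemblyline service interfaces with the MetaDefender Sandbox -previously
  known as OPSWAT Filescan Sandbox-, detonating files and URLs. This integration
  was developed by OPSWAT. (C) OPSWAT, Inc.
# Every file type is accepted; only empty files are rejected
accepts: .*
rejects: empty
stage: CORE
category: Dynamic Analysis
file_required: true
# Service-level task timeout; distinct from config.timeout below, which is
# the (shorter) budget the service applies to the sandbox analysis itself
timeout: 600
# is the service enabled by default
enabled: true
uses_metadata: true

# Score bands:
# -1000: safe
# 0 - 299: no_threat/informational
# 300 - 699: suspicious
# 700 - 999: highly suspicious
# >= 1000: malicious
#
# Heuristics come in pairs: the odd heur_id is the sandbox's overall verdict,
# the following even heur_id is the same verdict for a signal group, and both
# carry the same score.
heuristics:
  - description: MetaDefender Sandbox determined that the file is benign.
    filetype: "*"
    heur_id: 1
    name: MetaDefender Sandbox verdict is benign.
    score: -1000
  - description: MetaDefender Sandbox signal group is benign.
    filetype: "*"
    heur_id: 2
    name: Benign threat indicators
    score: -1000
  - description: MetaDefender Sandbox determined that the file is no threat/informational.
    filetype: "*"
    heur_id: 3
    name: MetaDefender Sandbox verdict is no threat.
    score: 0
  - description: MetaDefender Sandbox signal group is no threat/informational.
    filetype: "*"
    heur_id: 4
    name: No threat indicators
    score: 0
  # "unknown" is scored at the top of the informational band, just below
  # suspicious (300)
  - description: MetaDefender Sandbox determined that the file is unknown.
    filetype: "*"
    heur_id: 5
    name: MetaDefender Sandbox verdict is unknown
    score: 299
  - description: MetaDefender Sandbox signal group is unknown.
    filetype: "*"
    heur_id: 6
    name: Unknown threat indicators
    score: 299
  - description: MetaDefender Sandbox determined that the file is suspicious.
    filetype: "*"
    heur_id: 7
    name: MetaDefender Sandbox verdict is suspicious
    score: 500
  - description: MetaDefender Sandbox signal group is suspicious.
    filetype: "*"
    heur_id: 8
    name: Suspicious threat indicators
    score: 500
  - description: MetaDefender Sandbox determined that the file is likely malicious.
    filetype: "*"
    heur_id: 9
    name: MetaDefender Sandbox verdict is likely malicious
    score: 850
  - description: MetaDefender Sandbox signal group is likely malicious.
    filetype: "*"
    heur_id: 10
    name: Likely malicious threat indicators
    score: 850
  - description: MetaDefender Sandbox determined that the file is malicious.
    filetype: "*"
    heur_id: 11
    name: MetaDefender Sandbox verdict is malicious
    score: 1000
  - description: MetaDefender Sandbox signal group is malicious.
    filetype: "*"
    heur_id: 12
    name: Malicious threat indicators
    score: 1000

# Docker configuration block which defines:
# - the name of the docker container that will be created
# - CPU and ram allocation by the container
docker_config:
  image: ${REGISTRY}opswat/assemblyline-service-metadefender-sandbox:$SERVICE_TAG
  cpu_cores: 1.0
  ram_mb: 1024
  # Needed to reach the external sandbox host set in config.host. Because this
  # service detonates files and URLs there (see description), submitted samples
  # leave the Assemblyline environment and are sent to that third-party host.
  allow_internet_access: true

# Service-level defaults; each of these is also exposed per submission under
# submission_params below
config:
  # Deliberately empty: the real key is supplied through the service
  # configuration at deployment time and must not be committed here
  api_key: ""
  host: "https://www.filescan.io"
  # presumably seconds between status polls of the sandbox — confirm in the service code
  poll_interval: 2
  # presumably seconds to wait for the sandbox analysis — confirm in the service code
  timeout: 60

submission_params:
  # NOTE(review): a per-submission api_key means the key is supplied by, and
  # visible to, the submitter — confirm this is intended rather than config-only
  - default: ""
    name: api_key
    type: str
    value: ""
  - default: 2
    name: poll_interval
    type: int
    value: 2
  - default: 60
    name: timeout
    type: int
    value: 60
  # presumably free text forwarded with the sandbox submission — verify in the service code
  - default: ""
    name: description
    type: str
    value: ""
  # presumably the password for protected/archived samples — verify in the service code
  - default: ""
    name: password
    type: str
    value: ""
  # Boolean parameter, so default and value are real booleans rather than
  # empty strings, matching the declared type
  - default: false
    name: is_private
    type: bool
    value: false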