Architectural Overview
The above diagram shows the various components of the Binary Toolkit, as described below.
Receives the initial input from the user and sets the rest of the pipeline going.
Takes the received hash values and checks them against the database. Hashes that have already been analyzed are not analyzed again.
Retrieves the metadata of each item to be analyzed, including the URL from which the item's contents may be downloaded.
Actually analyzes each item to find Indicators of Compromise. If needed, uses the URL provided to download the item contents for analysis. This component may be replaced.
Collects the Indicators of Compromise that are found by the analysis engine, and formats them into reports which are fed back to the Carbon Black Cloud.
Stores the hash values of items that have been previously analyzed, and also temporarily holds report data items before they are sent to the Carbon Black Cloud. This component may be replaced.
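The deduplication and report-holding roles described above can be sketched as follows. This is an added example, not code from the Binary Toolkit: the `StateStore` class, the table names, the `engine` and `send` callables, and the use of SQLite with lowercase hex hashes are all assumptions made for illustration.

```python
# Added illustration; every name below is hypothetical, not the toolkit's API.
import sqlite3

class StateStore:
    """Remembers analyzed hashes and holds report items until they are sent."""
    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS analyzed (hash TEXT PRIMARY KEY)")
        self.db.execute("CREATE TABLE IF NOT EXISTS pending "
                        "(id INTEGER PRIMARY KEY, hash TEXT, ioc TEXT)")

    def unseen(self, hashes):
        """Return hashes not yet analyzed, order kept, duplicates dropped."""
        out, seen = [], set()
        for h in hashes:
            h = h.strip().lower()  # assumption: hashes arrive as hex strings
            if h in seen:
                continue
            seen.add(h)
            row = self.db.execute("SELECT 1 FROM analyzed WHERE hash = ?", (h,)).fetchone()
            if row is None:
                out.append(h)
        return out

    def record(self, h, iocs):
        """Mark a hash analyzed and queue its findings in one transaction."""
        with self.db:
            self.db.execute("INSERT OR IGNORE INTO analyzed VALUES (?)", (h,))
            self.db.executemany("INSERT INTO pending (hash, ioc) VALUES (?, ?)",
                                [(h, i) for i in iocs])

    def drain(self, send):
        """Pass pending items to send(); delete them only if send() does not raise."""
        rows = self.db.execute("SELECT id, hash, ioc FROM pending ORDER BY id").fetchall()
        if rows:
            send([(h, i) for _, h, i in rows])
            with self.db:
                self.db.executemany("DELETE FROM pending WHERE id = ?", [(r[0],) for r in rows])
        return len(rows)

def run_pipeline(store, hashes, engine, send):
    """Analyze only unseen hashes with engine(), then flush the held report items."""
    todo = store.unseen(hashes)
    for h in todo:
        store.record(h, engine(h))
    return todo, store.drain(send)
```

If `send` raises, the findings stay queued and the hash stays marked as analyzed, so a later run delivers the report without repeating the analysis.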
Copyright © 2020 VMware Inc., All Rights Reserved.
Information here is current as of Carbon Black Cloud Binary Toolkit 1.0.0