saferwall: Collaborative and Streamlined Threat Analysis at Scale

Saferwall allows you to analyze, triage, and classify threats in just minutes.

⭐ Collaborative – Built for security teams and researchers to streamline analysis, identification, and sharing of malware samples.

☁️ Fast & cloud-native – Scalable and cloud-native by design, deploy in minutes to bare metal or in the cloud.

⚡ Save time – Automate cumbersome tasks, generate IoCs and reports with zero friction.

📦 Batteries included – All your favorite tools included, build intelligence feeds for hunting threats or generating signatures.

❤️ Open source first – We are open-source, developer-friendly, and user driven.

Batteries Included

  • Static Analysis:

  • Dynamic Analysis:

    • Automated malware analysis using a hypervisor-based VM.
    • Intercepting OS system calls to build an execution trace of executable files.
    • Generate detailed reports and gain insight into malware behavior.
    • Choose which APIs to trace, grab screenshots and file changes as well as memory dumps.
  • Multiple AV scanners supporting major vendors:

    Vendor        Status   Vendor             Status
    Avast         ✔️       FSecure            ✔️
    Avira         ✔️       Kaspersky          ✔️
    Bitdefender   ✔️       McAfee             ✔️
    ClamAV        ✔️       Sophos             ✔️
    Comodo        ✔️       Symantec           ✔️
    ESET          ✔️       Windows Defender   ✔️
    TrendMicro    ✔️       DrWeb              ✔️
  • Integrations with your own data processing pipeline.

Current architecture / Workflow:

Here is a basic workflow which happens during a file scan:

  • Frontend talks to the backend via REST APIs.
  • Backend uploads samples to the object storage.
  • Backend pushes a message into the scanning queue.
  • The consumer fetches the file and copies it onto the NFS share, so the sample does not have to be pulled again by every container.
  • The consumer asynchronously calls the scanning services (such as the AV scanners) over gRPC and waits for their results.
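To make the consumer step concrete, here is an added example (not saferwall's own code) of the two consumer responsibilities above: staging the fetched sample on the share under its SHA-256, then fanning out to all scanners concurrently under one deadline so a stalled service cannot hold the scan open. The Scanner interface, ScanResult type and patternScanner stand-in are assumptions in place of the real gRPC clients, and a local directory stands in for the NFS share.

```go
package main

import (
	"bytes"
	"context"
	"crypto/sha256"
	"fmt"
	"os"
	"path/filepath"
	"sync"
)

// Scanner stands in for a gRPC scanning-service client (hypothetical interface).
type Scanner interface {
	Name() string
	Scan(ctx context.Context, path string) (infected bool, err error)
}
// ScanResult is one scanner's verdict, as aggregated by the consumer.
type ScanResult struct{ Scanner string; Infected bool; Err error }

// stageSample writes the sample into the share directory (the NFS share in a real
// deployment) under its SHA-256, so every scanner reads one copy and the hash names it.
func stageSample(shareDir string, sample []byte) (path, sha string, err error) {
	sha = fmt.Sprintf("%x", sha256.Sum256(sample))
	path = filepath.Join(shareDir, sha)
	return path, sha, os.WriteFile(path, sample, 0o444)
}

// fanOut scans concurrently and waits for all; ctx bounds the wait, so a stalled service yields ctx.Err().
func fanOut(ctx context.Context, path string, scanners []Scanner) []ScanResult {
	results := make([]ScanResult, len(scanners))
	var wg sync.WaitGroup
	for i, s := range scanners {
		wg.Add(1)
		go func(i int, s Scanner) {
			defer wg.Done()
			infected, err := s.Scan(ctx, path)
			results[i] = ScanResult{s.Name(), infected, err}
		}(i, s)
	}
	wg.Wait()
	return results
}

// patternScanner is a constructed stand-in for an AV engine: it flags a marker byte string.
type patternScanner struct{ name string; marker []byte }
func (p patternScanner) Name() string { return p.name }
func (p patternScanner) Scan(_ context.Context, path string) (bool, error) {
	data, err := os.ReadFile(path)
	return err == nil && bytes.Contains(data, p.marker), err
}
```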

Installation

Copyright (C) 2018 saferwall