FileInfo
Author: TheHive-Project
License: AGPL-V3
Version: 8.0
Supported observables types:
- file
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Parse files in several formats such as OLE and OpenXML to detect VBA macros, extract their source code, generate useful information on PE, PDF files...
Configuration
| Configuration item | Description | Default value if not configured | Type | Can contain multiple values | Is required |
|---|---|---|---|---|---|
| manalyze_enable | Whether to enable the Manalyze submodule or not. | False | boolean | False | True |
| manalyze_enable_docker | Use Docker to run Manalyze. Can be used only when not using the Docker image of FileInfo. | False | boolean | False | False |
| manalyze_enable_binary | Use a local binary to run Manalyze. The binary must be compiled beforehand. | True | boolean | False | False |
| manalyze_binary_path | Path to the previously compiled Manalyze binary. Keep the default value if using the Docker image of FileInfo. | /worker/Manalyze/bin/manalyze | string | False | False |
| floss_enable | Enable the use of FireEye FLARE FLOSS. | N/A | boolean | False | False |
| floss_binary_path | Path to the FLOSS binary. | N/A | string | False | False |
| floss_minimal_string_length | Minimal length a string must have in order to be considered. | N/A | number | False | False |
Templates samples for TheHive
No template samples to display.