FileInfo

Author: TheHive-Project
License: AGPL-V3
Version: 7.0
Supported observable types:
- file
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

Parse files in several formats, such as OLE and OpenXML, to detect VBA macros and extract their source code, and generate useful information on PE, PDF files, etc.

Configuration

| Configuration item | Description | Default value if not configured | Type | Can contain multiple values | Is required |
|---|---|---|---|---|---|
| manalyze_enable | Whether to enable the Manalyze submodule or not. | N/A | boolean | False | True |
| manalyze_enable_docker | Use Docker to run Manalyze. | False | boolean | False | False |
| manalyze_enable_binary | Use a local binary to run Manalyze. It needs to be compiled beforehand. | True | boolean | False | False |
| manalyze_binary_path | Path to the previously compiled Manalyze binary. | /opt/Cortex-Analyzers/utils/manalyze/bin/manalyze | string | False | False |

Template samples for TheHive

No template samples to display.


Last update: October 16, 2020 10:16:04