FileInfo

Author: TheHive-Project
License: AGPL-V3
Version: 8.0
Supported observable types:
- file
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description

Parses files in several formats, such as OLE and OpenXML, to detect VBA macros and extract their source code, and generates useful information on PE, PDF files, etc.

Configuration

manalyze_enable: Whether to enable the Manalyze submodule or not.
- Default value if not configured: False
- Type of the configuration item: boolean
- The configuration item can contain multiple values: False
- Is required: True

manalyze_enable_docker: Use Docker to run Manalyze. Can be used only when not using the Docker image of FileInfo.
- Default value if not configured: False
- Type of the configuration item: boolean
- The configuration item can contain multiple values: False
- Is required: False

manalyze_enable_binary: Use a local binary to run Manalyze. The binary must be compiled beforehand.
- Default value if not configured: True
- Type of the configuration item: boolean
- The configuration item can contain multiple values: False
- Is required: False

manalyze_binary_path: Path to the previously compiled Manalyze binary. Keep the default value if using the Docker image of FileInfo.
- Default value if not configured: /worker/Manalyze/bin/manalyze
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: False

floss_enable: Enable the use of FireEye FLARE FLOSS.
- Default value if not configured: N/A
- Type of the configuration item: boolean
- The configuration item can contain multiple values: False
- Is required: False

floss_binary_path: Path to the FLOSS binary.
- Default value if not configured: N/A
- Type of the configuration item: string
- The configuration item can contain multiple values: False
- Is required: False

floss_minimal_string_length: Minimum length a string must have in order to be considered.
- Default value if not configured: N/A
- Type of the configuration item: number
- The configuration item can contain multiple values: False
- Is required: False

Template samples for TheHive

No template samples to display.