
External Karton integration #1036

@psrok1


Previously, Karton was strictly integrated with Drakvuf Sandbox, as it used this project for queuing analyses and sending results both to the final S3 storage and other consumers. That model was pretty difficult to maintain, as Karton is meant to work in a microservice model and it's much easier to maintain such an environment when a microservice is easily replaceable.

Such a Karton service should consume analysis requests and use the Drakvuf Sandbox API to schedule an analysis and poll for the results. If the analysis was successful, the Karton service should send a task indicating the end of the analysis, including some artifacts (e.g. memory dumps) in a way compatible with https://github.com/CERT-Polska/karton-config-extractor.

Karton should also handle the multinode model by indicating on which node the analysis was performed. A proper Drakvuf Sandbox analysis reference can be sent in payload.attribute in a way compatible with https://github.com/CERT-Polska/karton-mwdb-reporter.


Labels: enhancement (New feature or request)
