forked from CybercentreCanada/assemblyline-service-badlist
service_manifest.yml
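# Assemblyline (ALv4) service manifest for the Badlist service: declares which
# files the service receives, how lookups are configured, the container it
# runs in, and the heuristics it can raise.
name: Badlist
# Placeholder, not a literal version; presumably substituted with the release
# tag when the service image is built.
version: $SERVICE_TAG
description: >
  ALv4 Badlist service
  This service will check the file hashes against Assemblyline's internal badlist infrastructure and mark
  files as bad accordingly.

# Routing: regular expressions matched against the identified file type.
# Everything is accepted except empty files and metadata/* types.
accepts: '.*'
rejects: 'empty|metadata/.*'

stage: REVIEW
category: Static Analysis

# uses_tags is true and file_required is false: the service works from hashes
# and tags rather than file content. NOTE(review): the tags presumably come
# from services that ran in earlier stages, which would explain the late
# stage -- confirm against the service code.
uses_tags: true
file_required: false
# Presumably seconds -- confirm against the Assemblyline manifest schema.
timeout: 10
disable_cache: false
enabled: true

config:
  # NOTE(review): looks like the lifetime of cached lookup results. If so, a
  # newly badlisted hash may not be reported until cached entries expire
  # (up to 30 minutes at this value) -- confirm against the service code.
  cache_timeout_seconds: 1800
  # Exact-match digests. Only SHA-256 is enabled by default. An exact-hash
  # lookup only matches byte-identical files, so treat a miss as "not on the
  # list", never as evidence that a file is benign.
  lookup_md5: false
  lookup_sha1: false
  lookup_sha256: true
  # Fuzzy (similarity) digests. A fuzzy match means "resembles a badlisted
  # file", not "is that file"; of the heuristics below, "Badlisted Similar
  # File" is the one scored lower than the exact-match ones.
  lookup_ssdeep: false
  lookup_tlsh: true

docker_config:
  # The image is referenced by registry prefix and tag. Tags are mutable;
  # deployments that need supply-chain integrity should mirror the image
  # into a trusted registry and/or pin it by digest.
  image: ${REGISTRY}cccs/assemblyline-service-badlist:$SERVICE_TAG
  cpu_cores: 0.4
  ram_mb: 256

# Heuristics raised by the service. The exact-match heuristics (1 and 2) score
# 1000; the similarity heuristic (3) scores 500. How these map to verdicts
# depends on the thresholds configured in the Assemblyline deployment.
heuristics:
  - heur_id: 1
    name: Badlisted File
    score: 1000
    filetype: "*"
    description: This file is found in the list of known bad files
  - heur_id: 2
    name: Badlisted IOC
    score: 1000
    filetype: "*"
    description: This Indicator Of Compromise is found in the list of known bad IOCs
  - heur_id: 3
    name: Badlisted Similar File
    score: 500
    filetype: "*"
    description: This file is similar to a file found in the list of known bad files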