
Release 2.1

@michaelweiser michaelweiser released this 26 Apr 08:20
· 28 commits to master since this release
  • Peekaboo now provides a REST API. The old UNIX domain socket is gone and
    there's no longer a long-lived client connection providing a summary report
    on multiple samples. Samples are now submitted individually, yielding a job ID
    for subsequent attempts at retrieving a report. Both inputs and outputs of
    the API are JSON. The AMaViS plugin and peekaboo-util are updated to match.
  • Embedded Cuckoo mode and python2 support are removed.
  • Breaking change: Equality operators in expressions using regexes now need
    to match the whole string up to the end.
  • New database schema version 9.
    Removes tables PeekabooMetadata and AnalysisJournal, and adds field
    analysis_time as well as state to SampleInfo.
  • Generic rules can now make use of the new analyser knownreport.
  • Introduce cortexreport toolbox analyser to connect to Cortex by TheHive.
    There already are a few sub analysers that can be used.
  • Reduce the amount of data copied from Cuckoo reports for memory efficiency and
    security reasons. This also reduces the amount of information available in
    Peekaboo processing failure dumps. A URL to access the original report via the
    Cuckoo API is provided instead.
  • Every CortexAnalyser can now access domain, hash, and ip artifacts from
    within the Generic rules.
  • FileInfoAnalyzerReport has new attributes md5sum, sha256sum, and ssdeepsum
    (now don't get too excited, ssdeep hashes can only be used as strings).
  • Input validation of reports adds a new pip requirement: schema.
  • Availability of external resources, particularly the Cuckoo and Cortex APIs, is
    no longer checked at startup. Lack of availability is reported as an individual
    job failure.
  • PID file is no longer created by default (but can be re-enabled by specifying
    a path).
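The breaking change to regex equality above deserves a closer look when migrating rules: a pattern that previously matched only a leading part of a value must now account for the whole string. The following is an added illustration written for these notes, not code from Peekaboo itself; it contrasts a start-anchored prefix match (assumed here as the lenient behaviour, the release notes only say the old operator did not require matching up to the end) with the whole-string match 2.1 requires, and shows how to find which representative values would change verdict under a given pattern. The sample values and the `regex_equals_*` helper names are constructed for the example.

```python
import re

# Constructed sample values standing in for a field a generic rule might inspect
# (e.g. a file name). These are not Peekaboo identifiers or real samples.
SAMPLE_VALUES = [
    "invoice.pdf",
    "invoice.pdf.exe",
    "report.docm",
]


def regex_equals_prefix(pattern: str, value: str) -> bool:
    """Lenient semantics (assumption): anchored at the start, may stop early.

    re.match() succeeds as soon as the pattern matches a leading portion of
    the value, so trailing characters are ignored.
    """
    return re.match(pattern, value) is not None


def regex_equals_full(pattern: str, value: str) -> bool:
    """Strict semantics as of release 2.1: the pattern must consume the
    whole string up to its end."""
    return re.fullmatch(pattern, value) is not None


def changed_verdicts(pattern: str, values):
    """Return the values whose result differs between the two semantics.

    Running existing rule patterns over representative values this way shows
    which rules need rewriting for 2.1. For an allowlist-style pattern such as
    r".*\\.pdf" the difference is exactly the double-extension case that the
    lenient match used to let through.
    """
    return [
        v for v in values
        if regex_equals_prefix(pattern, v) != regex_equals_full(pattern, v)
    ]


if __name__ == "__main__":
    pattern = r".*\.pdf"
    for v in SAMPLE_VALUES:
        print(f"{v!r:20} prefix={regex_equals_prefix(pattern, v)!s:5} "
              f"full={regex_equals_full(pattern, v)}")
    print("verdict changes in 2.1:", changed_verdicts(pattern, SAMPLE_VALUES))
```

Under the lenient match, `.*\.pdf` accepts `invoice.pdf.exe` because the pattern is satisfied by the leading `invoice.pdf`; under whole-string matching it is rejected, which is the safer outcome for a rule intended to allow only PDFs. Rules that relied on the old behaviour on purpose need an explicit trailing `.*` to keep matching.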