author | Sebastian Deiss <sebastian.deiss@atos.net> | 2018-06-21 12:33:59 +0200 |
---|---|---|
committer | Sebastian Deiss <sebastian.deiss@atos.net> | 2018-06-21 12:33:59 +0200 |
commit | 356567d964721343aa0be47b6868c0b4a442ffd3 (patch) | |
tree | 5199886314e049da80a3712a5ae182f3530266e4 | |
parent | 4db6800ed7a87a581838311b2e43ab7877e28c01 (diff) |
Keep malicious sample along with the reports
Malicious samples are saved to the 'malware_reports' directory along with the reports.
This can be useful for further analysis by security analysts.
-rw-r--r-- | peekaboo/ruleset/engine.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/peekaboo/ruleset/engine.py b/peekaboo/ruleset/engine.py
index d187f86..f5be989 100644
--- a/peekaboo/ruleset/engine.py
+++ b/peekaboo/ruleset/engine.py
@@ -158,6 +158,16 @@ def dump_processing_info(sample):
 except Exception as e:
 logger.exception(e)
 
+ # store malicious sample along with the reports
+ if sample.get_result() == Result.bad:
+ try:
+ copyfile(
+ sample.get_file_path(),
+ os.path.join(dump_dir, sample.get_filename())
+ )
+ except Exception as e:
+ logger.exception(e)
+
 if sample.has_attr('cuckoo_json_report_file'):
 # Cuckoo report
 try:
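Review bot: `os.path.join(dump_dir, sample.get_filename())` can escape `dump_dir` if the sample's filename is attacker-controlled, which it presumably is for a submitted sample: a name containing `../` traverses out of the directory, and an absolute name makes `os.path.join` discard `dump_dir` entirely, so a malicious file could be written to any path the service user can write. Reduce the name to its last component, or better, name the copy by its content hash: `os.path.join(dump_dir, os.path.basename(sample.get_filename()))`. Hash-based naming would also prevent two samples with the same name from silently overwriting each other through `copyfile`. Since this writes live malware to disk, consider also tightening the permissions of the copy (e.g. `os.chmod` to owner-only after the copy) so it is neither world-readable nor accidentally executable. The enclosing `dump_processing_info`, where `dump_dir` is set, begins before this hunk and continues after it.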