Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ImportFileYARA]: Create an import file connector dedicated to import YARA files/rules #3259

Merged
merged 3 commits into from
Feb 3, 2025
Merged

[ImportFileYARA]: Create an import file connector dedicated to import YARA files/rules #3259

merged 3 commits into from
Feb 3, 2025

Conversation

romain-filigran
Copy link
Member

Proposed changes

New internal import connector that handle .yar file.

Related issues

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality using different use cases
  • I added/update the relevant documentation (either on github or on notion)
  • Where necessary I refactored code to improve the overall quality

@romain-filigran romain-filigran added the filigran team use to identify PR from the Filigran team label Jan 13, 2025
@romain-filigran romain-filigran added this to the PRs backlog milestone Jan 15, 2025
@helene-nguyen helene-nguyen linked an issue Jan 30, 2025 that may be closed by this pull request
[ImportFileYARA]: Create an import file connector dedicated to import YARA files/rules #3235
Closed
@flavienSindou flavienSindou requested review from flavienSindou and removed request for SamuelHassine February 3, 2025 15:07
flavienSindou
flavienSindou approved these changes Feb 3, 2025
View reviewed changes
Copy link
Contributor

@flavienSindou flavienSindou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved as no blockers found, based on code only.

internal-import-file/import-file-yara/Dockerfile_fips
Comment on lines +14 to +17
# Expose and entrypoint
COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# Expose and entrypoint
COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["python", "import-file-yara.py"]

internal-import-file/import-file-yara/src/requirements.txt
@@ -0,0 +1,3 @@
pycti==6.4.5
typing-extensions==4.12.2
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this does not seems to be used.

internal-import-file/import-file-yara/src/import-file-yara.py
Comment on lines +92 to +95
"""
:param content:
:return:
"""
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Empty docstring

internal-import-file/import-file-yara/src/import-file-yara.py
Comment on lines +42 to +46
:param yara_rule:
:param yara_name:
:param yara_metadata:
:return:
"""
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Empty docstring

@helene-nguyen
Copy link
Member

@romain-filigran Some comments was added by @flavienSindou (thank you for the review), it will be merged as no blockers found but the connector can be improved later

@helene-nguyen helene-nguyen merged commit a7d4381 into master Feb 3, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@flavienSindou flavienSindou flavienSindou approved these changes

Assignees
No one assigned
Labels
filigran team use to identify PR from the Filigran team
Projects
None yet
Milestone
PRs backlog
Development

Successfully merging this pull request may close these issues.

[ImportFileYARA]: Create an import file connector dedicated to import YARA files/rules
3 participants
@romain-filigran @helene-nguyen @flavienSindou