Hello, I have implemented the MAEC reporting module in Cuckoo 2.0 and I am able to generate the corresponding reports. However, I noticed that there aren't any behavior references linked to the capabilities included in the report (to see which particular action executed by the malware triggered a specific capability).
Hi - Behaviors have not yet been captured in the MAEC reporting module for Cuckoo. The current (beta) release of the module is limited to the following data:
Malware Instance
* Labels
* Capabilities
* Analysis Metadata
* Dynamic Features
  - Actions
  - Process Tree
* Static Features
  - Strings
* Triggered Signatures
Hello, I have implemented the MAEC reporting module in Cuckoo 2.0 and I am able to generate the corresponding reports. However, I noticed that there aren't any behavior references linked to the capabilities included in the report (to see which particular action executed by the malware triggered a specific capability).
I had previously looked into the MAEC examples for Cuckoo and stumbled upon this schema:
https://github.com/MAECProject/schemas/blob/master/examples/package_capability.json
This file contains the following snippet:
```json
"capabilities": [
  {
    "name": "persistence",
    "refined_capabilities": [
      {
        "name": "continuous-execution",
        "behavior_refs": ["behavior--2099d4c1-0e8a-49d2-8d32-f0427e1ff817"]
      }
    ]
  }
],
```
Is there any way to generate reports that also include the aforementioned "behavior_refs" using Cuckoo and MAEC?
Thanks
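
To see which capabilities in a generated report carry `behavior_refs` and whether each reference resolves to a behavior object in the same package, a check like the following can be run over the report. This is an added example, not code from the MAEC project or the Cuckoo module; the `maec_objects` package layout, the sample data and the function names are assumptions.

```python
import json

# Constructed sample. The layout (maec_objects, type, id) is an assumption
# modelled on the MAEC package example linked in the issue.
SAMPLE_PACKAGE = json.loads("""
{"type": "package",
 "maec_objects": [
  {"type": "behavior", "id": "behavior--2099d4c1-0e8a-49d2-8d32-f0427e1ff817"},
  {"type": "malware-instance",
   "id": "malware-instance--00000000-0000-4000-8000-000000000001",
   "capabilities": [
    {"name": "persistence",
     "refined_capabilities": [
      {"name": "continuous-execution",
       "behavior_refs": ["behavior--2099d4c1-0e8a-49d2-8d32-f0427e1ff817"]}]},
    {"name": "anti-detection"}]}]}
""")


def walk_capabilities(caps, path=()):
    """Yield (path, capability) for each capability and refined capability."""
    for cap in caps or []:
        here = path + (cap.get("name", "?"),)
        yield here, cap
        yield from walk_capabilities(cap.get("refined_capabilities"), here)


def audit_behavior_refs(package):
    """Return (instance id, capability path, status, refs) per capability."""
    objects = package.get("maec_objects", [])
    known = {o.get("id") for o in objects if o.get("type") == "behavior"}
    rows = []
    for obj in objects:
        if obj.get("type") != "malware-instance":
            continue
        for path, cap in walk_capabilities(obj.get("capabilities")):
            refs = cap.get("behavior_refs") or []
            if not refs:
                status = "no-refs"        # capability has no behavior_refs at all
            elif all(r in known for r in refs):
                status = "linked"         # every ref resolves to a behavior object
            else:
                status = "dangling"       # a ref points at nothing in this package
            rows.append((obj.get("id"), "/".join(path), status, refs))
    return rows


if __name__ == "__main__":
    for _inst, path, status, refs in audit_behavior_refs(SAMPLE_PACKAGE):
        print(f"{path:35} {status:9} {', '.join(refs)}")
```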