Yara station is a management portal for Neo23x0-Loki. The mission is to transform the standalone nature of the Loki scanner into a centralized management solution that facilitates result investigation and easier scanning capabilities.
NumLocK15/YaraStation
Yara station is a management portal designed to facilitate the use of the Neo23x0 / Loki scanner.
It was created to act as a workaround solution for organizations that do not have an enterprise solution to manage their YARA scanning activities.
The idea is to use the Loki scanner as the base for all scanning activities, and to parse and aggregate all the results in a centralized database to facilitate the following:
1. Storing/archiving YARA results.
2. Creating dashboards.
3. Scanning clients/servers centrally (coming soon).
```
sudo apt update
sudo apt install docker-compose
git clone https://github.com/NumLocK15/yarastation/
cd yarastation/
sudo docker-compose -f docker-compose-deploy.yml up -d
```
That is it :) .. Now you can access the portal on http://localhost
```
# download the code
git clone https://github.com/NumLocK15/yarastation/
cd yarastation/app
# set up the virtual environment and download the requirements
sudo apt update
sudo apt install virtualenv
sudo virtualenv env
source env/bin/activate
pip3 install -r requirements-standalone.txt
```
## Important Steps:
1) Replace core/setting.py with core/setting-standalone.py by renaming the latter.
2) Locate core/urls.py and remove the setting.debug section.
```
# Create tables in db
python manage.py makemigrations
python manage.py migrate
# Start the application
python manage.py runserver 0.0.0.0:8015 --insecure
```
That is it :) .. Now you can access the portal on http://localhost:8015
Notes:
- In the standalone version the app will create and run on a SQLite instance rather than the Postgres used in the Docker deployment, which may cause concurrency issues. You can also link to any other existing database in your environment (read the Django documentation).
(On docker-compose installation)
```
# Run the following commands
docker exec -it yarastation_app_1 chmod +x generate_token_scripts/generate_token.sh
docker exec -it yarastation_app_1 generate_token_scripts/generate_token.sh
docker exec -it yarastation_app_1 cat /app/generate_token_scripts/agent_token.txt
# copy the generated token as it will be used in later stages.
```
(Option 1: running the agent as an executable.)
1) Unzip the release version of the agent in a location of your choosing (PS: this will be your installation folder and it should not be moved).
2) Generate the config file (ys_config.txt) by running generate_config.ps1.
3) Run the executable from the command prompt and give the location of the config as an argument (example: `yarastation_agent.exe "C:\ys_config.txt"`).
DONE!! Now you can manage your system from the server.
(Option 2: running the agent as a service.) (Recommended)
1) Unzip the release version of the agent in a location of your choosing (PS: this will be your installation folder and it should not be moved).
2) Execute the PowerShell script "install_yarastation_agent.ps1", follow the prompts, then finish.
3) Go to Windows Services, find yarastation and start the service.
DONE!! Now you can manage your system from the server.
The portal is still in the early development phases; it is recommended to run it in a controlled environment that does not have internet access.
1. (live) Provide support for uploading/parsing Loki results
2. (live) Provide support for management agents to run scans from a centralized location
3. (Coming soon - testing phases) Agent support for UNIX systems
4. (Coming soon - still collecting data) Provide support for uploading/parsing results from different sources (e.g. Thor scanner, EDRs etc.)