BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spreads.
+ Built with Amazon Web Services (AWS): An AWS account is all you need to deploy BinaryAlert.
+ Broad YARA Support: Add your own YARA rules and/or automatically clone them from third-party repos. Both the PE and math modules are supported.
+ Real-Time: Files uploaded to BinaryAlert (S3 bucket) are immediately queued for analysis.
+ Serverless: All computation is handled by Lambda functions. No servers to manage means stronger security and automatic scaling!
+ Infrastructure-as-Code: The entire infrastructure is described with Terraform configuration files, enabling anyone to deploy BinaryAlert in a matter of minutes with a single command.
+ Retroactive Analysis: After updating the YARA ruleset, BinaryAlert will retroactively scan the entire file corpus to find any new matches.
+ Easily Configurable: BinaryAlert configuration is managed in a single Terraform variables file.
+ Quality Code: Written in Python3 with unit tests and linting to ensure a clean and reliable codebase.
+ Low Cost: The AWS bill is based only on how many files are analyzed.
+ Python 3.x, pip3 and virtualenv
+ Terraform https://www.terraform.io/intro/getting-started/install.html
Usage and install:
git clone https://github.com/airbnb/binaryalert && cd binaryalert
virtualenv -p python3 venv
pip3 install -r requirements.txt
Set your AWS credentials using any method supported by Terraform. The two simplest options are to run aws configure (saves ~/.aws/credentials file) or
python3 manage.py --help
python3 manage.py test