Hash "whitelist" #20

Open
import-pandas-as-numpy opened this issue Jun 25, 2023 · 1 comment
Labels
enhancement New feature or request

Comments

@import-pandas-as-numpy
Member

We can't bake these all in our yara rules. This may be a very large project, but a database of known good hashes (such as stdlib files) could be checked prior to scanning individual files to exempt certain files that match known good hashes.

@import-pandas-as-numpy import-pandas-as-numpy moved this to 🔎 Discovery in Dragonfly Roadmap Jun 25, 2023
@import-pandas-as-numpy import-pandas-as-numpy added the enhancement New feature or request label Jun 25, 2023
@import-pandas-as-numpy import-pandas-as-numpy moved this from 🔎 Discovery to 📋 Backlog in Dragonfly Roadmap Jun 28, 2023
@jonathan-d-zhang
Contributor

First thoughts, how would this database be created? These could probably be distributed from mainframe, updated in the client through a similar mechanism to the rules.
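
A sketch of the pre-scan check discussed in this issue, added here as an example and not taken from the Dragonfly code base: files whose SHA-256 matches a known-good set are exempted, and everything else is handed on to the rule scan. The function names, the tarball input and the sample file contents are all assumptions made for illustration; matching is on content only, so a modified file that keeps a trusted name is still scanned.

```python
import hashlib
import io
import tarfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_allowlist(known_good: dict[str, bytes]) -> frozenset[str]:
    """Hash trusted file contents (for example stdlib files from an official release)."""
    return frozenset(sha256_hex(body) for body in known_good.values())


def partition_archive(archive: bytes, allowlist: frozenset[str]):
    """Split a tarball's regular files into (exempt names, {name: body} to scan).

    Only the content hash can exempt a file; its name or path never does.
    """
    exempt, to_scan = [], {}
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        for member in tar:
            if not member.isfile():
                continue  # directories and links carry no content to hash
            body = tar.extractfile(member).read()
            if sha256_hex(body) in allowlist:
                exempt.append(member.name)
            else:
                to_scan[member.name] = body
    return exempt, to_scan


def make_archive(files: dict[str, bytes]) -> bytes:
    """Build an in-memory .tar.gz so the example runs offline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


# Constructed sample data, not real stdlib content.
GOOD = b"def join(a, b):\n    return a + '/' + b\n"
TAMPERED = GOOD + b"import os\n"
ALLOWLIST = build_allowlist({"posixpath.py": GOOD})
SAMPLE = make_archive({
    "pkg/_vendor/posixpath.py": GOOD,  # byte-identical vendored copy: exempt
    "pkg/posixpath.py": TAMPERED,      # trusted name, changed content: scanned
    "pkg/setup.py": b"print('hi')\n",  # unknown file: scanned
})

if __name__ == "__main__":
    print(partition_archive(SAMPLE, ALLOWLIST))
```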
