mwdb-core

Contents:

  • What’s changed?
    • v2.18.0
      • [New feature] Managing MWDB groups using OpenID Provider
    • v2.17.0
      • [Important change] Karton analyses are paginated
      • [Important change] virtualenv path changed from /app/venv to /app/.venv
      • [Important change] Changes in account registration using OpenID Connect
      • [Feature] Multiple improvements in file download as password-protected zip file
    • v2.16.0
    • v2.15.0
      • [Important change] Exposed relationships are limited type-wise to 100 elements
      • [Feature] Lambdas - new feature of Rich Attributes templates
    • v2.14.0
    • v2.13.0
    • v2.12.0
      • [Important change] Refactor of search engine
      • [Important change] Replaced Flask-RESTful with own lightweight implementation
      • [Important change] Changes in logging, introduced Prometheus metrics
    • v2.11.0
    • v2.10.1
    • v2.10.0
    • v2.9.0
      • [Important change] Opt-in counting of search results
      • [Important change] Changes in sharing model
      • [Important change] Changed behavior of access_all_objects capability
      • [Important change] Changes in web plugins engine
      • [Important change] Replaced uWSGI with Gunicorn
    • v2.8.0
      • [Important change] Changes in database model
      • [New feature] Rich attributes rendering
      • [Important change] Upgrade to Karton v5.0.0
    • v2.7.0
      • [Important change] Changed API key generation and handling
      • [New feature] Configurable rate limits
      • [New feature] Relative date-time ranges in search
      • [Improvement] New object hooks accessible for plugins
    • v2.6.0
      • [New feature] Support for OpenID Connect authentication
      • [New feature] New Attribute API - support for JSON values
      • [New feature] Configurable timeouts in MWDB Core
      • [New feature] Storing alternative names for sample
      • [New feature] Transactional tag adding along with object upload
      • [New feature] New search features
    • v2.5.0
    • v2.4.0
    • v2.3.0
      • [New feature] Built-in Karton integration
      • [New feature] registered group
      • [API] Plugin information is no longer available for non-admin users
      • [API] Removed managing_attributes capability
    • v2.2.0
      • [New feature] Remote API feature
      • [API] New file download endpoint
      • [Backend] Typed-Config is no longer embedded in mwdb package
      • [Web] React Context is used instead of Redux
      • [Web] Extra routes must be passed as instantiated components
      • [Web] props.object may be undefined for ShowObject extensions. Use ObjectContext instead
  • Setup and configuration
    • Installation and configuration with Docker Compose
    • Standalone installation
      • Step 1.: Prerequisites
      • Step 2.: Installation and configuration
      • Step 3.: Setting up gunicorn and nginx
    • Upgrading mwdb-core to latest version
    • Storing files in S3 Compatible storage (MinIO, AWS S3)
    • Setting higher upload size limit in Docker
    • Advanced configuration
    • Using MWDB in Kubernetes environment
  • User guide
    • 1. Introduction to MWDB
      • A brief history (Why do I need MWDB?)
      • Main views
      • Recent objects view
      • Sample view
    • 2. Storing malware samples
      • File attributes
      • Uploading a file
      • Uploading child file
    • 3. Storing malware configurations
      • What is malware configuration (or what we think it is)?
      • Configuration attributes
      • How to upload configuration?
      • How configurations are deduplicated?
      • Searching configuration parts
      • Relationships with files
        • File → Config relationship
        • Config → File relationship
    • 4. Storing human-readable data (blobs)
      • What is blob in MWDB?
      • Blob attributes
      • How to upload blobs?
      • Embedded blobs
        • Embedding new blob
        • Embedding already uploaded blob
      • Searching blob files
      • Blob diffing
      • Relationships with configurations
        • Config → Blob relations
        • Blob → Config relations
    • 5. Tagging objects
      • How to use tags?
      • Built-in tag conventions
    • 6. Object attributes
      • How attributes can be used?
      • Declaring new attribute
      • Adding attributes to objects
      • JSON-like attribute values
      • Removing attributes from objects
      • Hidden (protected) attributes
      • Rich templates
    • 7. Advanced search based on Lucene queries
      • Query syntax: fields
      • Query syntax: operators
      • Query syntax: ranges
      • Query syntax: timestamps
      • Query syntax: relative timestamps
      • Basic search fields
        • Untyped fields
        • Typed fields (file)
        • Typed fields (config)
        • Typed fields (blob)
        • Special fields
      • JSON fields (config.cfg:)
      • Favorites field (favorites:)
      • Comment author field (comment_author:)
      • Upload count field (upload_count:)
      • Group access queries (sharer:, shared: and uploader:)
      • Parent/child subqueries
      • Multi field (multi:)
      • Escaping special characters
      • Quick queries
    • 8. Automating things using REST API and mwdblib
      • Introduction to mwdblib
      • Using mwdblib for automation
        • Feeding MWDB service
        • Using MWDB service as a feed
        • Retrieving Karton analysis status
      • Optimizing API usage
        • How lazy loading works?
        • Optimizing iteration over long list of objects
      • Command-line interface (CLI)
        • User authentication
        • Looking for recent data
        • Gathering information about objects
        • Uploading files
      • How to use API keys?
      • Using REST API directly (Non-Python integration)
    • 9. Sharing objects with other collaborators
      • Object access rules
      • Who is who? User visibility rules
      • How to add new user/group?
        • Create a new user
        • Create a new group
      • Group capabilities (superpowers)
      • Sharing with third parties
  • Integration guide
    • Getting started with local plugins
    • Adding webhook
    • Available hooks
    • Creating web plugins
      • Web plugins: getting started
    • Web plugins: Transforming Extendable element
      • Web plugins: how it works internally?
    • Building customized images
    • Room for improvement
  • Developer guide
    • Setting up development environment
    • Testing mail-related features
    • Auto generating Alembic migrations
    • Debugging database problems
  • Remote instances guide
    • Remote instance features
    • Setting up remote instance
    • Known issues and limitations
  • Karton integration guide
    • How does it work?
    • How to setup MWDB with Karton?
    • Resubmitting analysis
    • Migration from unofficial plugin setup
  • OpenID Connect authentication (Single Sign-On)
    • Step-by-step configuration
      • Step 1: Configure MWDB client in Keycloak
      • Step 2: Create OpenID Provider in MWDB
      • Step 3: Binding account to OpenID identity
      • Step 4: Creating new MWDB account by logging in via Keycloak
    • Access control for OIDC users
    • Approval requirement for accounts registered via OIDC
    • Manage MWDB groups from OpenID Provider groups
      • Group filtering and name mapping
      • Managing existing groups in MIXED mode
      • Example: Setting up MWDB group management using Keycloak
    • Disable password-based authentication
  • Rich attributes guide
    • Getting started
    • Mustache basics
    • Markdown basics
    • Lambdas
      • Transformers
        • count
        • sort
        • first
        • last
        • group
        • keys
        • values
        • entries
        • jsonify
        • uriencode
      • Renderers
        • if-then-else
        • section
        • collapse
        • indicator
      • Extensibility using plugins
    • Other features
      • Interactive search links
      • Array indices
    • Known issues
  • Prometheus metrics
    • Setup guide
  • Rate limit configuration
    • Global rate-limit configuration
    • Group-based rate limit configuration


© Copyright 2021, CERT Polska.
