mwdb-core
latest

Contents:

  • What’s changed?
    • v2.8.0
      • [Important change] Changes in database model
      • [New feature] Rich attributes rendering
      • [Important change] Upgrade to Karton v5.0.0
    • v2.7.0
      • [Important change] Changed API key generation and handling
      • [New feature] Configurable rate limits
      • [New feature] Relative date-time ranges in search
      • [Improvement] New object hooks accessible for plugins
    • v2.6.0
      • [New feature] Support for OpenID Connect authentication
      • [New feature] New Attribute API - support for JSON values
      • [New feature] Configurable timeouts in MWDB Core
      • [New feature] Storing alternative names for sample
      • [New feature] Transactional tag adding along with object upload
      • [New feature] New search features
    • v2.5.0
    • v2.4.0
    • v2.3.0
      • [New feature] Built-in Karton integration
      • [New feature] registered group
      • [API] Plugin information is no longer available for non-admin users
      • [API] Removed managing_attributes capability
    • v2.2.0
      • [New feature] Remote API feature
      • [API] New file download endpoint
      • [Backend] Typed-Config is no longer embedded in mwdb package
      • [Web] React Context is used instead of Redux
      • [Web] Extra routes must be passed as instantiated components
      • [Web] props.object may be undefined for ShowObject extensions. Use ObjectContext instead
  • Setup and configuration
    • Installation and configuration with Docker Compose
    • Standalone installation
      • Step 1.: Prerequisites
      • Step 2.: Installation and configuration
      • Step 3.: Setting up gunicorn and nginx
    • Upgrading mwdb-core to latest version
    • Storing files in S3 Compatible storage (MinIO, AWS S3)
    • Advanced configuration
    • Rate limit configuration
  • User guide
    • 1. Introduction to MWDB
      • A brief history (Why do I need MWDB?)
      • Main views
      • Recent objects view
      • Sample view
    • 2. Storing malware samples
      • File attributes
      • Uploading a file
      • Uploading child file
    • 3. Storing malware configurations
      • What is malware configuration (or what we think it is)?
      • Configuration attributes
      • How to upload configuration?
      • How configurations are deduplicated?
      • Searching configuration parts
      • Relationships with files
        • File → Config relationship
        • Config → File relationship
    • 4. Storing human-readable data (blobs)
      • What is blob in MWDB?
      • Blob attributes
      • How to upload blobs?
      • Embedded blobs
        • Embedding new blob
        • Embedding already uploaded blob
      • Searching blob files
      • Blob diffing
      • Relationships with configurations
        • Config → Blob relations
        • Blob → Config relations
    • 5. Tagging objects
      • How to use tags?
      • Built-in tag conventions
    • 6. Object attributes
      • How attributes can be used?
      • Declaring new attribute
      • Adding attributes to objects
      • JSON-like attribute values
      • Removing attributes from objects
      • Hidden (protected) attributes
      • Rich templates
    • 7. Advanced search based on Lucene queries
      • Query syntax: fields
      • Query syntax: operators
      • Query syntax: ranges
      • Query syntax: timestamps
      • Query syntax: relative timestamps
      • Basic search fields
        • Untyped fields
        • Typed fields (file)
        • Typed fields (config)
        • Typed fields (blob)
        • Special fields
      • JSON fields (config.cfg:)
      • Favorites field (favorites:)
      • Comment author field (comment_author:)
      • Upload count field (upload_count:)
      • Group access queries (sharer:, shared: and uploader:)
      • Parent/child subqueries
      • Multi field (multi:)
      • Escaping special characters
      • Quick queries
    • 8. Automating things using REST API and mwdblib
      • Introduction to mwdblib
      • Using mwdblib for automation
        • Feeding MWDB service
        • Using MWDB service as a feed
        • Retrieving Karton analysis status
      • Optimizing API usage
        • How lazy loading works?
      • Command-line interface (CLI)
        • User authentication
        • Looking for recent data
        • Gathering information about objects
        • Uploading files
      • How to use API keys?
      • Using REST API directly (Non-Python integration)
    • 9. Sharing objects with other collaborators
      • Object access rules
      • Who is who? User visibility rules
      • Group with everything
      • How to add new user/group?
        • Create a new user
        • Create a new group
      • Group capabilities (superpowers)
  • Integration guide
    • Getting started with local plugins
    • Adding webhook
    • Available hooks
  • Extra features
  • Developer guide
    • Setting up development environment
    • Testing mail-related features
    • Auto generating Alembic migrations
  • Remote instances guide
    • Remote instance features
    • Setting up remote instance
    • Known issues and limitations
  • Karton integration guide
    • How does it work?
    • How to setup MWDB with Karton?
    • Resubmitting analysis
    • Migration from unofficial plugin setup
  • OpenID Connect authentication (Single Sign-On)
    • Setting up new OpenID Provider
    • OpenID client setup on OpenID Provider
    • Bind MWDB account with OpenID Provider
  • Rich attributes guide
    • Getting started
    • Mustache basics
    • Markdown basics
    • Known issues

© Copyright 2021, CERT Polska. Revision 2b656456.
