User guide

This guide will help you to learn basic MWDB concepts step by step. It is not only limited to the potential use-cases of your own mwdb-core instance, but also recommended for mwdb.cert.pl service users who want improve their skills in exploring MWDB database.

Contents:

• 1. Introduction to MWDB
  • A brief history (Why do I need MWDB?)
  • Main views
  • Recent objects view
  • Sample view
• 2. Storing malware samples
  • File attributes
  • Uploading a file
  • Uploading child file
• 3. Storing malware configurations
  • What is malware configuration (or what we think it is)?
  • Configuration attributes
  • How to upload configuration?
  • How configurations are deduplicated?
  • Searching configuration parts
  • Relationships with files
• 4. Storing human-readable data (blobs)
  • What is blob in MWDB?
  • Blob attributes
  • How to upload blobs?
  • Embedded blobs
  • Searching blob files
  • Blob diffing
  • Relationships with configurations
• 5. Tagging objects
  • How to use tags?
  • Built-in tag conventions
• 6. Object attributes
  • How attributes can be used?
  • Declaring new attribute
  • Adding attributes to objects
  • JSON-like attribute values
  • Removing attributes from objects
  • Hidden (protected) attributes
  • Rich templates
• 7. Advanced search based on Lucene queries
  • Query syntax: fields
  • Query syntax: operators
  • Query syntax: ranges
  • Query syntax: timestamps
  • Query syntax: relative timestamps
  • Basic search fields
  • JSON fields (config.cfg:)
  • Favorites field (favorites:)
  • Comment author field (comment_author:)
  • Upload count field (upload_count:)
  • Group access queries (sharer:, shared: and uploader:)
  • Parent/child subqueries
  • Multi field (multi:)
  • Escaping special characters
  • Quick queries
• 8. Automating things using REST API and mwdblib
  • Introduction to mwdblib
  • Using mwdblib for automation
  • Optimizing API usage
  • Command-line interface (CLI)
  • How to use API keys?
  • Using REST API directly (Non-Python integration)
• 9. Sharing objects with other collaborators
  • Object access rules
  • Who is who? User visibility rules
  • Group with everything
  • How to add new user/group?
  • Group capabilities (superpowers)