Adds -a/--activity switch to allow the user to specify the alert IoCs to run
Adds PDFs of alerts to indicators directory to remove ambiguity in the previous bullet
Adds constants for log levels to make logging more explicit
Updates README
v1.0.6
3 years ago
Non-zero Exit on IOCs Discovered in Non-interactive Mode (#33)
Seeks IOC detection count from run and exits with non-zero status in non-interactive mode, retaining existing functionality in interactive mode. Addresses #31
v1.0.6 (#36)
Increases performance of yara by using an iterative mapping (28 minutes for 600k+ records in testing)
Properly catches keyboard interrupts with yara
Catches unicode decode errors in the networking module
Catches unicode encode errors in the yara module
v1.0.5
3 years ago
v1.0.5 (#32)
Add --silent switch to silence CHIRP output.
Add -v switch to increase verboseness of program
Replace custom logging method with logging builtin library (preps for #31)
v1.0.4
3 years ago
v1.0.4 (#30)
Provides a --non-interactive switch and actually accepts any key to exit. (#20)
Properly catches cases when not run on Windows, removes mountvol as dependency. (#22)
Compiling with msvc and python3.8 should remove some unknowns (#13)
Changing the python dll to 3.8 should allow CHIRP to run on Server 2008 R2. (#4)
Added indicator for AA21062A and updated iocs.yaml (#29)
Compiled IOCs in AA21-062A into a single alert. Removed network addresses associated with this alert from iocs.yaml and added them to the alert indicator.
Add Target Filepaths Argument for Yara Plugin IOC Override (#28)
Adds target filepath argument for CISA CHIRP which overrides IOC "files" specifications at runtime to increase tool flexibility and performance where desired.
v1.0.3
3 years ago
Adds ability to specify plugins to run. (#24)
v1.0.2b
3 years ago
Hashes now included
v1.0.2
3 years ago
Created a queue in chirp.common to properly handle console output (#7)
Resolution above also resolves (#8)
Added a sleep to the main method of chirp so success message prints after all output has completed.