CHIRP Versions

A DFIR tool written in Python.

v1.0.7

3 years ago

v1.0.7 (#40)

  • Fixes Unicode error in network and yara modules
  • Adds -a/--activity switch to allow the user to specify the alert IoCs to run
  • Adds PDFs of alerts to the indicators directory to remove ambiguity in the previous bullet
  • Adds constants for log levels to make logging more explicit
  • Updates README

v1.0.6

3 years ago

Non-zero Exit on IOCs Discovered in Non-interactive Mode (#33)

  • Seeks IOC detection count from run and exits with non-zero status in non-interactive mode, retaining existing functionality in interactive mode. Addresses #31

v1.0.6 (#36)

  • Increases performance of yara by using an iterative mapping (28 minutes for 600k+ records in testing)
  • Properly catches keyboard interrupts with yara
  • Catches Unicode decode errors in the networking module
  • Catches Unicode encode errors in the yara module

v1.0.5

3 years ago

v1.0.5 (#32)

  • Add --silent switch to silence CHIRP output.
  • Add -v switch to increase verbosity of program
  • Replace custom logging method with logging builtin library (preps for #31)

v1.0.4

3 years ago

v1.0.4 (#30)

  • Provides a --non-interactive switch and actually accepts any key to exit. (#20)
  • Properly catches cases when not run on Windows, removes mountvol as dependency. (#22)
  • Compiling with MSVC and Python 3.8 should remove some unknowns (#13)
  • Changing the Python DLL to 3.8 should allow CHIRP to run on Server 2008 R2. (#4)

Added indicator for AA21062A and updated iocs.yaml (#29)

  • Compiled IOCs in AA21-062A into a single alert. Removed network addresses associated with this alert from iocs.yaml and added them to the alert indicator.

Add Target Filepaths Argument for Yara Plugin IOC Override (#28)

  • Adds target filepath argument for CISA CHIRP which overrides IOC "files" specifications at runtime to increase tool flexibility and performance where desired.

v1.0.3

3 years ago

  • Adds ability to specify plugins to run. (#24)

v1.0.2b

3 years ago

  • Hashes now included

v1.0.2

3 years ago

  • Created a queue in chirp.common to properly handle console output (#7)
  • Resolution above also resolves (#8)
  • Added a sleep to the main method of chirp so the success message prints after all output has completed.

v1.0.1

3 years ago

  • Adds dynamic drive pathing for events plugin
  • Fixes FileNotFound Exception in events plugin
  • Adds cwd to yara ignorelist

v1.0.0

3 years ago

Automatic release of v1.0.0