Django web interface for managing Yara rules
A Django web interface for managing Yara rules. The manager enables users to:
* Search for specific rules based on rule characteristics
* Categorize and organize rules easily and in bulk
* Make bulk edits on desired/filtered rules
* Track characteristics of the entire rule repository
* Automatically prevent and detect duplicate entries
* Get stats data on the entire rule repository
* Search, manage, and export rules matching specific criteria
* View and perform in-place edits on search results
* Modify or update a large set of rules based on various characteristics
Base Django application requirements can be installed via the Vagrantfile or install.sh.
Settings are specified either via ENV variables or the config.json file.

* Activate the Python environment
* Use the Django manage.py to create initial tables and superuser
* Collect static files
* Run the server

* Build the image
* Prepare static files
* Perform DB migrations and create initial user
* Run YaraGuardian
The following are the available configurable settings to be specified via environment variables or the config.json file:
* SECRET_KEY
* DATABASE_NAME
* DATABASE_USER
* DATABASE_PASS
* DATABASE_HOST
* DATABASE_PORT
* DEBUG
* ALLOWED_HOSTS
* GUEST_REGISTRATION
* EMAIL_HOST
* EMAIL_PORT
* EMAIL_USER
* EMAIL_PASSWORD
* EMAIL_USE_TLS
* EMAIL_SSL_CERTFILE
* EMAIL_SSL_KEYFILE
* DEFAULT_FROM_EMAIL
* GOOGLE_OAUTH2_KEY
* GOOGLE_OAUTH2_SECRET
* REDIRECT_HTTPS
* HIDE_API_DOCS
* GOOGLE_WHITELISTED_DOMAINS
* GOOGLE_WHITELISTED_EMAILS
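A pre-deployment check over these settings, written as an added example and not part of YaraGuardian's own code: it flags values that weaken an exposed instance, including the open "PUBLIC" registration mode. Assumptions: the value formats (JSON booleans or env-style strings, list or comma-separated hosts), the reading of REDIRECT_HTTPS as an HTTP-to-HTTPS redirect switch, the SECRET_KEY length heuristic, and the helper names are all hypothetical, since the page lists setting names only.

```python
import json

# Assumed value conventions (the page lists setting names only, not types):
# booleans may arrive as JSON true/false or as env-style strings.
TRUTHY = {"1", "true", "yes", "on"}

def as_bool(value):
    """Interpret JSON booleans and env-style strings alike."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in TRUTHY

def as_list(value):
    """Accept a JSON list or a comma-separated env-style string."""
    if isinstance(value, (list, tuple)):
        return [str(v).strip() for v in value]
    return [v.strip() for v in str(value or "").split(",") if v.strip()]

def audit(settings):
    """Return a sorted list of (setting, finding) pairs for risky values."""
    findings = []
    secret = str(settings.get("SECRET_KEY", ""))
    # Heuristic threshold chosen for this example, not a project rule.
    if len(secret) < 32 or len(set(secret)) < 8:
        findings.append(("SECRET_KEY", "missing, short or low-variety"))
    if as_bool(settings.get("DEBUG", False)):
        findings.append(("DEBUG", "debug pages expose tracebacks"))
    if "*" in as_list(settings.get("ALLOWED_HOSTS")):
        findings.append(("ALLOWED_HOSTS", "wildcard accepts any Host header"))
    if str(settings.get("GUEST_REGISTRATION", "")).upper() == "PUBLIC":
        findings.append(("GUEST_REGISTRATION", "anyone can create an account"))
    if not as_bool(settings.get("REDIRECT_HTTPS", False)):
        findings.append(("REDIRECT_HTTPS", "plain HTTP is not redirected"))
    if settings.get("EMAIL_HOST") and not as_bool(settings.get("EMAIL_USE_TLS", False)):
        findings.append(("EMAIL_USE_TLS", "SMTP session is not protected by TLS"))
    return sorted(findings)

# Constructed sample values, not taken from the project.
WEAK = json.loads("""{"SECRET_KEY": "changeme", "DEBUG": "true",
  "ALLOWED_HOSTS": ["*"], "GUEST_REGISTRATION": "PUBLIC",
  "EMAIL_HOST": "smtp.example.org", "EMAIL_USE_TLS": false}""")
HARDENED = dict(WEAK, SECRET_KEY="k9#Vw2!pQz7@Lm4^Rt8&Xc1*Bn6$Hd3%", DEBUG=False,
                ALLOWED_HOSTS="yara.example.org", GUEST_REGISTRATION="INVITE",
                REDIRECT_HTTPS=True, EMAIL_USE_TLS=True)

if __name__ == "__main__":
    for name, finding in audit(WEAK):
        print(f"{name}: {finding}")
```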
Account registrations can be enabled by changing the "GUEST_REGISTRATION" config to either "INVITE" or "PUBLIC".
"INVITE" registration requires that a registration token be sent to the prospective guest. Tokens can be generated within the 'Admin Console'.
"PUBLIC" registration is completely open. Anyone who signs up can create an account.
Yara rule files can be ingested automatically using the following command-line utilities.

UploadDirectory: This command recursively traverses the specified directories and processes all Yara rule files present. If the `folder_as` option is used, the field specified will be replaced with the name of the folder that the file is located in. Please note that the folder name will be 'forced' and therefore added to the group's options even if it did not previously exist.

```
pipenv shell
python manage.py UploadDirectory {DIRECTORIES} --source={SOURCE} --category={CATEGORY} --user={USER} --group={GROUP} --folder_as={source|category}
```

UploadMasterFile: This command processes a master file and its associated imports.

```
pipenv shell
python manage.py UploadMasterFile {MASTERFILES} --source={SOURCE} --category={CATEGORY} --user={USER} --group={GROUP}
```
Each user has their own rule context/corpus which they completely control
Additional contexts can be generated
Uses Django REST Framework so you can automate or build a new UI for rule management. Endpoint documentation can be found at /API on a running instance of YaraGuardian.
For those who are interested in contributing to YaraGuardian, please take a moment to look over the contribution guidelines.