{ "info": { "author": "Yelp Security", "author_email": "opensource@yelp.com", "bugtrack_url": null, "classifiers": [], "description": "![amira](https://raw.githubusercontent.com/Yelp/amira/master/amira_github_banner.png)\n\n[![PyPI](https://img.shields.io/pypi/v/amira.svg)](https://pypi.python.org/pypi/amira)\n[![Build Status](https://travis-ci.org/Yelp/amira.svg?branch=master)](https://travis-ci.org/Yelp/amira)\n\n# AMIRA: Automated Malware Incident Response & Analysis\n\nAMIRA is a service for automatically running analysis on\n[OSXCollector](https://github.com/Yelp/osxcollector) output files.\nThe automated analysis is performed via\n[OSXCollector Output Filters](https://github.com/Yelp/osxcollector_output_filters),\nin particular *The One Filter to Rule Them All*: the\n[Analyze Filter](https://github.com/Yelp/osxcollector_output_filters#analyzefilter---the-one-filter-to-rule-them-all).\nAMIRA takes care of retrieving the output files from an S3 bucket,\nrunning the Analyze Filter and then uploading the results\nof the analysis back to S3 (although one could also envision\nattaching them to the related JIRA ticket).\n\n## Prerequisites\n\n### tox\n\nThe following steps assume you have [tox](http://tox.readthedocs.org/)\ninstalled on your machine.\n\nIf this is not the case, please run:\n```bash\n$ sudo pip install tox\n```\n\n### OSXCollector Output Filters configuration file\n\nAMIRA uses OSXCollector Output Filters to do the actual analysis,\nso you will need to have a valid `osxcollector.yaml`\nconfiguration file in the working directory.\nAn example configuration file can be found in the\n[OSXCollector Output Filters](https://github.com/Yelp/osxcollector_output_filters/blob/master/osxcollector.yaml.example) repository.\n\nThe configuration file specifies the locations of the file hash and domain\nblacklists.\nMake sure that the blacklist locations specified in the configuration file are\nalso available when running AMIRA.\n\n### AWS credentials\n\nAMIRA 
uses boto to interface with AWS.\nYou can supply the credentials using either of the possible\n[boto config files](http://boto.cloudhackers.com/en/latest/boto_config_tut.html#details).\n\nThe credentials should allow reading and deleting SQS messages\nfrom the SQS queue specified in the AMIRA config as well as\nread access to the objects in the S3 bucket where the OSXCollector\noutput files are stored.\nTo be able to upload the analysis results back to the S3 bucket\nspecified in the AMIRA configuration file, the credentials should\nalso allow write access to this bucket.\n\n## AMIRA Architecture\n\nThe service uses\n[S3 bucket event notifications](http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html)\nto trigger the analysis.\nYou will need to configure an S3 bucket for the OSXCollector output files,\nso that when a file is added there, a notification is sent to an SQS queue\n(`AmiraS3EventNotifications` in the picture below).\nAMIRA periodically checks the queue for any new messages\nand upon receiving one it will fetch the OSXCollector output file from the S3\nbucket.\nIt will then run the Analyze Filter on the retrieved file.\n\nThe Analyze Filter runs all the filters contained in the OSXCollector Output\nFilters package sequentially. Some of them communicate with external\nresources, like domain and hash blacklists (or whitelists) and threat intel\nAPIs, e.g. [VirusTotal](https://github.com/Yelp/threat_intel#virustotal-api),\n[OpenDNS Investigate](https://github.com/Yelp/threat_intel#opendns-investigate-api)\nor [ShadowServer](https://github.com/Yelp/threat_intel#shadowserver-api).\nThe original OSXCollector output is extended with all of this information and\nthe very last filter run by the Analyze Filter summarizes all of the findings\ninto a human-readable form. 
After the filter finishes running, the results of\nthe analysis will be uploaded to the Analysis Results S3 bucket.\n\nAn overview of the whole process and the system components involved in it is\ndepicted below:\n\n![component diagram](https://github.com/Yelp/amira/raw/master/doc/component_diagram.png \"Component Diagram\")\n\n## Using AMIRA\n\nThe main entry point to AMIRA is in the `amira/amira.py` module.\nYou will first need to create an instance of the `AMIRA` class by providing the name of the AWS\nregion where the SQS queue with the event notifications for the\nOSXCollector output bucket is located, and the SQS queue name:\n\n```python\nfrom amira.amira import AMIRA\n\namira = AMIRA('us-west-1', 'AmiraS3EventNotifications')\n```\n\nThen you can register the analysis results uploader, e.g. the S3 results\nuploader:\n\n```python\nfrom amira.s3 import S3ResultsUploader\n\ns3_results_uploader = S3ResultsUploader('amira-results-bucket')\namira.register_results_uploader(s3_results_uploader)\n```\n\nFinally, run AMIRA:\n```python\namira.run()\n```\n\nGo get some coffee, sit back, relax and wait till the analysis results pop up\nin the S3 bucket!\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/Yelp/amira", "keywords": "", "license": "The MIT License (MIT)", "maintainer": "", "maintainer_email": "", "name": "amira", "package_url": "https://pypi.org/project/amira/", "platform": "", "project_url": "https://pypi.org/project/amira/", "project_urls": { "Homepage": "https://github.com/Yelp/amira" }, "release_url": "https://pypi.org/project/amira/1.2.1/", "requires_dist": [ "boto", "osxcollector-output-filters (>=1.1.1)", "simplejson" ], "requires_python": "", "summary": "Automated Malware Incident Response and Analysis", "version": "1.2.1" }, "last_serial": 5959470, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": 
"fa5621e6826dfd452e1f3df94e58cd0d", "sha256": "c3b29ea670c15cac6da897efc0b1909fee60d84f4be7aa2ef35d4c9661968834" }, "downloads": -1, "filename": "amira-1.0.0.tar.gz", "has_sig": false, "md5_digest": "fa5621e6826dfd452e1f3df94e58cd0d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6263, "upload_time": "2016-08-23T00:52:55", "url": "https://files.pythonhosted.org/packages/cc/0a/aaed55d7e8962f5ad0806a192c3a5ea0a8f5911bdf6badef5abefa71106c/amira-1.0.0.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "d826b98443ddf797fc7c2ab4fc8c2029", "sha256": "f2de528607f395d2c5304d16e4eb31735d1de870e03d5bebb83fc54cd69dc779" }, "downloads": -1, "filename": "amira-1.0.1.tar.gz", "has_sig": false, "md5_digest": "d826b98443ddf797fc7c2ab4fc8c2029", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6346, "upload_time": "2016-10-28T23:13:14", "url": "https://files.pythonhosted.org/packages/da/0e/75ccbac9c2a41a0313995928c6f40fa08275b86aaf56f4a7061c8be796e1/amira-1.0.1.tar.gz" } ], "1.0.2": [ { "comment_text": "", "digests": { "md5": "6cd5a5448d9d3a746f9b12a2f8078767", "sha256": "f5fbe80c4771c24bbc9693206b12474edbb32da470ff583a1857119019004b59" }, "downloads": -1, "filename": "amira-1.0.2.tar.gz", "has_sig": false, "md5_digest": "6cd5a5448d9d3a746f9b12a2f8078767", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4794, "upload_time": "2017-02-03T21:50:16", "url": "https://files.pythonhosted.org/packages/cb/45/01ec26816cd844b89bcff6917a5fc6d624d25f622bf32e3563a345ba90d0/amira-1.0.2.tar.gz" } ], "1.0.4": [ { "comment_text": "", "digests": { "md5": "cb9ab0f2f04e5a0b281dd34529252996", "sha256": "3d5210e5f102fbf84e9abf36bbdd5b1df53868d03d7e9adaa8bf253ea63aa2dc" }, "downloads": -1, "filename": "amira-1.0.4.tar.gz", "has_sig": false, "md5_digest": "cb9ab0f2f04e5a0b281dd34529252996", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4721, 
"upload_time": "2017-07-11T19:23:27", "url": "https://files.pythonhosted.org/packages/93/2e/1c1f9d64263c5316de718c6c3af0fc0b53887371c91cb45f020cbc28d70f/amira-1.0.4.tar.gz" } ], "1.0.8": [ { "comment_text": "", "digests": { "md5": "e5b3e4395fb29546441f7143d12586b5", "sha256": "d1a367cb06fbe8b7315038db2cb0d37db85126283a4b50afd400c8c7b608ce50" }, "downloads": -1, "filename": "amira-1.0.8.tar.gz", "has_sig": false, "md5_digest": "e5b3e4395fb29546441f7143d12586b5", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7221, "upload_time": "2018-12-06T21:34:37", "url": "https://files.pythonhosted.org/packages/05/77/22abb8fcfb0022b923dd841aa645ebbde4850eac98e4858fbd8bb3222b6a/amira-1.0.8.tar.gz" } ], "1.1.0": [ { "comment_text": "", "digests": { "md5": "faeb5e9dab12fb9efad2d0de3ef197a4", "sha256": "24da8c60bff2d820684b63a5885f0f3b87b8e96f43c0775e3f3ca604b247bcfa" }, "downloads": -1, "filename": "amira-1.1.0-py2-none-any.whl", "has_sig": false, "md5_digest": "faeb5e9dab12fb9efad2d0de3ef197a4", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 9398, "upload_time": "2019-04-05T16:26:31", "url": "https://files.pythonhosted.org/packages/2a/1a/7c51f694baad38e4dfb6eed8f894ca8b5fa491cb83a38c0faa9026d15080/amira-1.1.0-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "488593e40ef730963053d16ee3f7da26", "sha256": "33f4eec103e911830a11f3f3c45db918164f752f0938af05f4afd5b43a94e18c" }, "downloads": -1, "filename": "amira-1.1.0.tar.gz", "has_sig": false, "md5_digest": "488593e40ef730963053d16ee3f7da26", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7945, "upload_time": "2019-04-05T16:26:33", "url": "https://files.pythonhosted.org/packages/76/b7/b866900afb206c0488d0fa4c314d9d22a2bd4d3d306d40df8623c8250287/amira-1.1.0.tar.gz" } ], "1.1.1": [ { "comment_text": "", "digests": { "md5": "41e7f3a9b031ba2728a93d756411c15f", "sha256": 
"05c317dbcda429602a2115ff9fab422b0bae343374ae7cadc78e8df3c7b61762" }, "downloads": -1, "filename": "amira-1.1.1-py3-none-any.whl", "has_sig": false, "md5_digest": "41e7f3a9b031ba2728a93d756411c15f", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 9454, "upload_time": "2019-04-18T16:44:52", "url": "https://files.pythonhosted.org/packages/77/f6/d1eba5475ebf1e08413b6d583863ff3fb2c505c708d9385bd8460cfcfe8e/amira-1.1.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "5cecbe13c1787e6d0c0ead4778ce449e", "sha256": "8c9b6f38c2f2c89e532abb195c999be6c0c10f07ece75ff5e9f901d6baf890dc" }, "downloads": -1, "filename": "amira-1.1.1.tar.gz", "has_sig": false, "md5_digest": "5cecbe13c1787e6d0c0ead4778ce449e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8742, "upload_time": "2019-04-18T16:44:54", "url": "https://files.pythonhosted.org/packages/98/61/322cd19899186abc7ae52c563dae03bd7589456b0e93278ba295df34bcd8/amira-1.1.1.tar.gz" } ], "1.1.2": [ { "comment_text": "", "digests": { "md5": "99e33041a9441fa930343867acfedd44", "sha256": "32ea95e27348f030212d6f3789f932c6fde1f4af6aadfcdf03452a69b1cbb10d" }, "downloads": -1, "filename": "amira-1.1.2-py3-none-any.whl", "has_sig": false, "md5_digest": "99e33041a9441fa930343867acfedd44", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 9473, "upload_time": "2019-04-18T17:41:52", "url": "https://files.pythonhosted.org/packages/b8/f8/17a24e2c7563a08c29ac8edf9eb66244e7bbb780d37784287911b82ece56/amira-1.1.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "428bd8f3afea9a8583b08b4176eb7683", "sha256": "a6ff7d6beaa3518ce3def47c2053d2ba9e1c6f6cde315b27919cb54c6284e1b3" }, "downloads": -1, "filename": "amira-1.1.2.tar.gz", "has_sig": false, "md5_digest": "428bd8f3afea9a8583b08b4176eb7683", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8748, "upload_time": 
"2019-04-18T17:41:53", "url": "https://files.pythonhosted.org/packages/ae/93/e411e16adb5ca7de4a343de9815262fe0c8d8fff45a9f73c9c09aa972689/amira-1.1.2.tar.gz" } ], "1.1.3": [ { "comment_text": "", "digests": { "md5": "2304ec0baa96de8835f467762b6e575b", "sha256": "8b4ea5a11f2ef9e4fceec4da9c72c88c3c130135db89f4d670464e90aa523747" }, "downloads": -1, "filename": "amira-1.1.3-py3-none-any.whl", "has_sig": false, "md5_digest": "2304ec0baa96de8835f467762b6e575b", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 9558, "upload_time": "2019-04-18T18:59:24", "url": "https://files.pythonhosted.org/packages/d6/7c/4cce2ab8d01ee3d205561a7ff377b0d86b9e7d6b5a89764832b3aa53b5e9/amira-1.1.3-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "e97d6965dedbfa4f81e5cd16028af58f", "sha256": "f35934df50965b8527b8fa3ddd6ba9f869c0dea732bd410bf49792fd662e6a17" }, "downloads": -1, "filename": "amira-1.1.3.tar.gz", "has_sig": false, "md5_digest": "e97d6965dedbfa4f81e5cd16028af58f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8835, "upload_time": "2019-04-18T18:59:26", "url": "https://files.pythonhosted.org/packages/b8/05/00754d7ae4fceb944989dc505de7bb7539ee869546776115c6c442b1b577/amira-1.1.3.tar.gz" } ], "1.1.4": [ { "comment_text": "", "digests": { "md5": "af874ab95699f1300d71eb2a01858dcd", "sha256": "71e59942fc41d4579362345e33bf6044c0a3454d5a268c763958ef071a14b427" }, "downloads": -1, "filename": "amira-1.1.4-py3-none-any.whl", "has_sig": false, "md5_digest": "af874ab95699f1300d71eb2a01858dcd", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 9570, "upload_time": "2019-04-25T10:56:50", "url": "https://files.pythonhosted.org/packages/0c/00/211ef302d2eec67543ce5cd70316362aedf5608f686097336aa234c67d4f/amira-1.1.4-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "52e6990c870110d9adffff5f3df090d3", "sha256": 
"76002fd4b2f2c5f80a46662ae32b14b40339b258ba542a66b902e53f552a555d" }, "downloads": -1, "filename": "amira-1.1.4.tar.gz", "has_sig": false, "md5_digest": "52e6990c870110d9adffff5f3df090d3", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8851, "upload_time": "2019-04-25T10:56:51", "url": "https://files.pythonhosted.org/packages/d7/57/3687f36a7cf0b7453e95a69652aca4ff65dabef17d44c1e1ef7cd245f866/amira-1.1.4.tar.gz" } ], "1.1.5": [ { "comment_text": "", "digests": { "md5": "6f002cc41a0f5a53af65fdf6b381491d", "sha256": "03dce9d7198e505548ca8e13aecc09e91b7691bd4a237ab3714dd75831b00484" }, "downloads": -1, "filename": "amira-1.1.5-py3-none-any.whl", "has_sig": false, "md5_digest": "6f002cc41a0f5a53af65fdf6b381491d", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 9707, "upload_time": "2019-06-19T15:41:46", "url": "https://files.pythonhosted.org/packages/ba/ee/a805ad800f90e6dbc258fdeb37f81c243130a22a9855c856ccf67cfa8aa4/amira-1.1.5-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "533a1e3666109ad8c42c4a134442d07f", "sha256": "d78bd1441a5081913d1a7791c57cd9e8d877e17f0665dea9e9a735c337a7fa8a" }, "downloads": -1, "filename": "amira-1.1.5.tar.gz", "has_sig": false, "md5_digest": "533a1e3666109ad8c42c4a134442d07f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8956, "upload_time": "2019-06-19T15:41:47", "url": "https://files.pythonhosted.org/packages/a8/cf/0193133f1d87812e82473e71fb1f0acafc306f01982691ce688996c172e2/amira-1.1.5.tar.gz" } ], "1.2.0": [ { "comment_text": "", "digests": { "md5": "9f20b765c1f76fae751b04acd957f9ee", "sha256": "86e62154a7b9ac8c3cc9e5fbc02be4a4438b019dfe751ca4a1745dd436089905" }, "downloads": -1, "filename": "amira-1.2.0-py3-none-any.whl", "has_sig": false, "md5_digest": "9f20b765c1f76fae751b04acd957f9ee", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 10685, "upload_time": 
"2019-10-09T13:51:32", "url": "https://files.pythonhosted.org/packages/a1/13/878d2a83b35920010669ce2e267740ecb99e55c452878952575be09c9b77/amira-1.2.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "ac02f24100c1cbe516225644c8f79e45", "sha256": "0bb8b7c755f1d3e31e0f598a61336098a7f4c23b448cc92746b9f4e159174e77" }, "downloads": -1, "filename": "amira-1.2.0.tar.gz", "has_sig": false, "md5_digest": "ac02f24100c1cbe516225644c8f79e45", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9322, "upload_time": "2019-10-09T13:51:34", "url": "https://files.pythonhosted.org/packages/08/4b/ac9841b9ef88d1dc119ce6875671495d5f3b512dd6077f001182cd82d86a/amira-1.2.0.tar.gz" } ], "1.2.1": [ { "comment_text": "", "digests": { "md5": "53707a367c4797c76af915d15c3c6db3", "sha256": "e2ebbb0307ceaddc8d7bbac6627427e884bfadbdca4f69418c3b9d32e805d99b" }, "downloads": -1, "filename": "amira-1.2.1-py3-none-any.whl", "has_sig": false, "md5_digest": "53707a367c4797c76af915d15c3c6db3", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 10683, "upload_time": "2019-10-11T09:47:39", "url": "https://files.pythonhosted.org/packages/e4/0c/3604716c97416e0e062c3f9ca57c748c1e5ec58c64717250121bffe2dc15/amira-1.2.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "3287cec00517e17a1a1fadf7edf145ed", "sha256": "64183ff7647de6a5b2abe50c7dab5fcce4a29c7223e20f7811ca7d549e4299a6" }, "downloads": -1, "filename": "amira-1.2.1.tar.gz", "has_sig": false, "md5_digest": "3287cec00517e17a1a1fadf7edf145ed", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9320, "upload_time": "2019-10-11T09:47:40", "url": "https://files.pythonhosted.org/packages/31/fd/6b352e73bd1aeeee8a5700ff6b252357cfe8046770fe1b472f0b3d38b83c/amira-1.2.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "53707a367c4797c76af915d15c3c6db3", "sha256": 
"e2ebbb0307ceaddc8d7bbac6627427e884bfadbdca4f69418c3b9d32e805d99b" }, "downloads": -1, "filename": "amira-1.2.1-py3-none-any.whl", "has_sig": false, "md5_digest": "53707a367c4797c76af915d15c3c6db3", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 10683, "upload_time": "2019-10-11T09:47:39", "url": "https://files.pythonhosted.org/packages/e4/0c/3604716c97416e0e062c3f9ca57c748c1e5ec58c64717250121bffe2dc15/amira-1.2.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "3287cec00517e17a1a1fadf7edf145ed", "sha256": "64183ff7647de6a5b2abe50c7dab5fcce4a29c7223e20f7811ca7d549e4299a6" }, "downloads": -1, "filename": "amira-1.2.1.tar.gz", "has_sig": false, "md5_digest": "3287cec00517e17a1a1fadf7edf145ed", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9320, "upload_time": "2019-10-11T09:47:40", "url": "https://files.pythonhosted.org/packages/31/fd/6b352e73bd1aeeee8a5700ff6b252357cfe8046770fe1b472f0b3d38b83c/amira-1.2.1.tar.gz" } ] }