Threat Bus 2020.12.16
Matching Metrics & Systemd Units
This release brings new systemd unit files to Threat Bus and pyvast-threatbus. Tenzir updates and maintains these unit files as part of the Threat Bus repository. Both unit files are sandboxed, feature dynamic users, and aim to protect the Linux host system in general.
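As an added example (not part of the release notes and not Tenzir's unit files), this Python check reads a unit file and reports which sandboxing directives in its [Service] section are missing or weak. The set of required directives, the sample units, and their placeholder paths are assumptions of this example.

```python
import configparser

TRUE = {"yes", "true", "on", "1"}
# Real systemd.exec(5) options; which ones to require is this example's choice.
REQUIRED = {
    "DynamicUser": TRUE,
    "NoNewPrivileges": TRUE,
    "PrivateTmp": TRUE,
    "PrivateDevices": TRUE,
    "ProtectHome": TRUE | {"read-only", "tmpfs"},
    "ProtectSystem": {"strict", "full"},
}

def audit_unit(text):
    """Map each required [Service] directive that is missing or weak to a reason."""
    # strict=False tolerates repeated keys; interpolation=None keeps %n literal.
    parser = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    parser.optionxform = str  # directive names are case-sensitive
    parser.read_string(text)
    service = parser["Service"] if parser.has_section("Service") else {}
    findings = {}
    for name, accepted in REQUIRED.items():
        value = service.get(name)
        if value is None:
            findings[name] = "not set"
        elif value.strip().lower() not in accepted:
            findings[name] = f"weak value {value.strip()!r}"
    return findings

# Constructed sample units; paths are placeholders, not the project's files.
HARDENED = """\
[Service]
ExecStart=/path/to/pyvast-threatbus --config /path/to/config.yaml
DynamicUser=yes
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=strict
"""
WEAK = """\
[Service]
ExecStart=/path/to/app %n
Environment=A=1
Environment=B=2
ProtectSystem=no
PrivateTmp=yes
"""
if __name__ == "__main__":
    print(audit_unit(WEAK))
```

The check reads only explicitly written settings; options that systemd derives from other directives or from drop-in files are not modelled.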
Additionally, pyvast-threatbus now collects basic application metrics about matching with VAST. It writes these metrics to a file at a configurable interval. The collected metrics differ depending on the use case: for retro-matching, pyvast-threatbus collects the number of retro-matches per IoC together with the query time per IoC. For live-matching, pyvast-threatbus simply collects the number of matches in general. In both cases it always meters the number of added and removed IoCs.
Changelog Highlights
As always, you can find the full technical scoop in our changelogs for Threat Bus and pyvast-threatbus.
🎁 Features
- You can now find sandboxed unit files to run Threat Bus and pyvast-threatbus as system services via systemd. These files are officially maintained by us. #77
- pyvast-threatbus now collects basic application metrics about matching with VAST. #85
⚠️ Changes
- pyvast-threatbus has dropped support for all command-line options, except --help and --config. The application can only be run with a valid config.yaml configuration file. #85