yarastorm package

Submodules

yarastorm.api module

The CellApi implementation for yarastorm.

class yarastorm.api.YaraApi

Bases: CellApi, StormSvc

The Telepath API endpoints for the triage-sandbox service.

async compileRule(yara_rule, check: bool = False) BoolRetn

Compile the given Yara rule and save it to this Cell’s storage.

async matchFile(file_sha256: str, yara_rule) BoolRetn

Test if a Yara rule matches a given file in the Axon.

yarastorm.defs module

The Python definition of the yarastorm Storm package.

class yarastorm.defs.GormoYaraPkg(check_syntax: bool = True, proto_dir: str | None = None)

Bases: StormPkg

The gormo.yara Storm package for the yarastorm service.

proto_name: str | None = 'gormo.yara'

The basename of this Storm package’s Yaml proto file.

yarastorm.svc module

The yarastorm service.

class yarastorm.svc.YaraSvc

Bases: Cell

The Cell implementation for the yarastorm service.

cellapi

alias of YaraApi

async compileRule(yara_rule: tuple[tuple[str, str], stormlibpp.node.NodeVals], check: bool = False) BoolRetn

Compile the given Yara rule and save it to this Cell’s storage.

confdefs = {
    'axon_url': {
        'description': 'The Telepath URL for an Axon service. This Axon is used to pull files for Yara matching.',
        'type': 'string'
    },
    'rule_dir': {
        'default': 'rules/',
        'description': "The directory that compiled Yara rules are saved in. This directory is relative to the Cell's 'dirn' path.",
        'type': 'string'
    }
}

async matchFile(file_sha256: str, yara_rule: tuple[tuple[str, str], stormlibpp.node.NodeVals]) BoolRetn

Test if a Yara rule matches a given file in the Axon.

Module contents

The yarastorm Python Package.