


The osxcollector.output_filters package contains filters that process and transform the output of OSXCollector. Each filter has a single purpose. The goal of filters is to make it easy to analyze OSXCollector output.

Unlike osxcollector.py, filters have dependencies that aren't already installed on a new Mac. The best way to ensure the dependencies can be found is to use virtualenv. To set up a virtualenv for the first time use:

$ sudo pip install tox virtualenv
$ source virtualenv_run/bin/activate # Not necessary if you use aactivator

Filter Configuration

Many filters require configuration, like API keys or details on a blacklist. The configuration for filters is done in a YAML file. The filter will look for the configuration file in the path pointed to by the environment variable OSXCOLLECTOR_CONF. A sample config is included. Make a copy and then modify it for yourself:

$ cp osxcollector.yaml

Using combinations of these basic filters, an analyst can figure out a lot of what happened without expensive tools, without threat feeds or fancy APIs.

osxcollector.output_filters.find_domains.FindDomainsFilter attempts to find domain names in OSXCollector output. FindDomainsFilter isn't too useful on its own, but it's super powerful when chained with filters like FindBlacklistedFilter and/or osxcollector.output_domains.LookupDomainsFilter. The domains are added to the line with the key osxcollector_domains.

Usage:

$ python -m osxcollector.output_filters.find_domains -h

To run and see lines where domains have been added try:

$ python -m osxcollector.output_filters.find_domains -i RomeoCredible.json | \
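To show what a domain-finding filter chained with a blacklist check does to OSXCollector's line-per-JSON-object output, here is an added illustration that is not the project's own code: the sample lines, the blacklist set and the URL-only regex are constructed assumptions, and the real FindDomainsFilter and FindBlacklistedFilter do more than this.

```python
import json
import re

# Constructed sample of OSXCollector-style output: one JSON object per line.
SAMPLE_LINES = [
    '{"osxcollector_section": "quarantines", "LSQuarantineDataURLString": "http://download.example.com/app.dmg"}',
    '{"osxcollector_section": "downloads", "url": "https://cdn.example.org/x.zip", "referrer": "http://evil.example.net/"}',
    '{"osxcollector_section": "kext", "name": "com.apple.driver.foo"}',
]

# Hypothetical blacklist standing in for the one a YAML config would supply.
BLACKLIST = {"evil.example.net"}

# Hostname of URL-like strings only (a simplification of what the real filter matches).
DOMAIN_RE = re.compile(r'https?://([A-Za-z0-9.-]+)')


def find_domains(blob):
    """Collect hostnames from every string value in a line, recursing into nested values."""
    found = set()
    if isinstance(blob, str):
        found.update(m.lower() for m in DOMAIN_RE.findall(blob))
    elif isinstance(blob, dict):
        for value in blob.values():
            found |= find_domains(value)
    elif isinstance(blob, list):
        for value in blob:
            found |= find_domains(value)
    return found


def find_domains_filter(line):
    """First stage: add osxcollector_domains to a line when any domain was seen."""
    domains = find_domains(line)
    if domains:
        line["osxcollector_domains"] = sorted(domains)
    return line


def blacklist_filter(line, blacklist=BLACKLIST):
    """Second stage: flag lines whose extracted domains are on the blacklist."""
    hits = [d for d in line.get("osxcollector_domains", []) if d in blacklist]
    if hits:
        line["osxcollector_blacklist"] = hits
    return line


def run_chain(raw_lines):
    """Run both stages over JSON lines, the way chained output filters are piped."""
    return [blacklist_filter(find_domains_filter(json.loads(raw))) for raw in raw_lines]
```

Lines without any domain pass through untouched, so later filters in the chain can rely on the key being absent rather than empty.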
