BinaryAlert is a serverless, real-time framework for detecting malicious files. BinaryAlert can efficiently analyze millions of files a day with a configurable set of YARA rules and will trigger an alert as soon as anything malicious is discovered! Organizations can deploy BinaryAlert to their AWS account in a matter of minutes, allowing them to analyze internal files and documents within the confines of their own environment.
- Built with Amazon Web Services (AWS): An AWS account is all you need to deploy BinaryAlert.
- Broad YARA support: BinaryAlert includes dozens of YARA rules out-of-the-box and makes it easy to add your own rules or clone them from other repositories.
- Real-Time: Files uploaded to BinaryAlert (S3 bucket) are immediately queued for analysis.
- Serverless: All computation is handled by Lambda functions. No servers to manage means stronger security and automatic scaling!
- Infrastructure-As-Code: The entire infrastructure is described with Terraform configuration files, enabling anyone to deploy BinaryAlert in a matter of minutes with a single command.
- Retroactive Analysis: After updating the YARA ruleset, BinaryAlert can retroactively scan the entire file corpus to find any new matches.
- Production-Ready: BinaryAlert ships with a custom metric dashboard and alarms which automatically trigger on error conditions.
- Low Cost: The AWS bill is based only on how many files you upload and how often they are re-analyzed.
Table of Contents¶
- Getting Started
- Creating an IAM Group
- Adding YARA Rules
- Analyzing Files
- YARA Matches
- Metrics and Monitoring
- Troubleshooting / FAQ
- How long does it take a file to be analyzed?
- What’s the filesize limit?
- YARA rules with “hash” or “imphash” fail to compile
- How much does BinaryAlert cost?
- Does BinaryAlert automatically test YARA rules?
- Why did my live test fail?
- How do I setup YARA match / metric alarm alerts?
- Analyzer timeouts
- Terraform destroy fails because “bucket is not empty”
- Contact Us