Binalyze DRONE Product Release v2.2.0
Welcome to the DRONE Release Notes blog post series.
🚀 New
Sigma Linux Support - run Sigma rules live on a Linux machine
Event Log Search with Sigma - search system logs and execute Sigma rules
Running Sigma rules on a live machine is one of the key benefits of DRONE and now it is supported on Linux machines as well. Staying up to date with the latest public Sigma repositories is easy with the Sigma public repository synchronization feature. If there are any new rules available, instead of adding them manually, just use the sync feature and DRONE will automatically support them.
To sync with the publicly available Sigma rules and the ones provided in your config file, run this command:
./drone --sync-sigma
All Sigma rules from the SigmaHQ repository will then be available in DRONE, and you can run them on a live machine.
How to run Sigma rules in DRONE?
Simple. Run DRONE from the command line with the following arguments:
./drone -n -a sla
This analyzer searches the Sysmon and Auditd logs collected on the running Linux system and executes Sigma rules on them. This gives you broad insight across your network, surfacing even a small trace of malicious activity.
Log Sources:
- sysmon -> /var/log/syslog
- auditd -> /var/log/auditd/audit.log
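As an added illustration (not DRONE's own code), here is a minimal Sigma-style matcher run over auditd records of the kind the sla analyzer reads from /var/log/auditd/audit.log. The rule, the "backup-job" audit key and the log lines are all constructed for the example, and only the Sigma modifiers and condition forms the example needs are implemented.

```python
import re
# Minimal auditd record parser: fields are key=value, values may be double-quoted.
AUDIT_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_auditd(line):
    return {k: v.strip('"') for k, v in AUDIT_KV.findall(line)}

def value_matches(wanted, actual, modifier):
    # Sigma value modifiers supported here: contains, endswith, or exact match.
    return (wanted in actual if modifier == "contains"
            else actual.endswith(wanted) if modifier == "endswith" else actual == wanted)

def selection_matches(selection, event):
    # Fields in a selection are ANDed; a list of values for one field is ORed.
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        actual = event.get(field)
        values = expected if isinstance(expected, list) else [expected]
        if actual is None or not any(value_matches(str(v), actual, modifier) for v in values):
            return False
    return True

def rule_matches(rule, event):
    # Supports the conditions "<sel>" and "<sel> and not <filter>" only.
    det = rule["detection"]
    hits = {n: selection_matches(s, event) for n, s in det.items() if n != "condition"}
    tok = det.get("condition", "selection").split()
    if len(tok) == 1:
        return hits[tok[0]]
    if len(tok) == 4 and tok[1:3] == ["and", "not"]:
        return hits[tok[0]] and not hits[tok[3]]
    raise ValueError(f"unsupported condition: {det['condition']}")

def scan_auditd(rule, lines):
    # Returns (pid, exe) for every record the rule fires on.
    return [(e["pid"], e["exe"]) for e in map(parse_auditd, lines) if rule_matches(rule, e)]

# Constructed rule (hypothetical, not from SigmaHQ): execve of download tools, minus
# records tagged with an assumed audit key that marks a known scheduled job.
RULE = {"title": "Download tool execution (constructed example)",
        "logsource": {"product": "linux", "service": "auditd"},
        "detection": {"selection": {"type": "SYSCALL", "syscall": 59, "exe|endswith": ["/curl", "/wget"]},
                      "filter": {"key": "backup-job"},
                      "condition": "selection and not filter"}}

# Constructed audit.log records, not real captures.
SAMPLE_LOG = [
    'type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=59 success=yes exit=0 ppid=1234 pid=1235 auid=1000 uid=33 comm="curl" exe="/usr/bin/curl" key="exec"',
    'type=SYSCALL msg=audit(1700000000.102:202): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=1300 auid=1000 uid=1000 comm="ls" exe="/usr/bin/ls" key="exec"',
    'type=SYSCALL msg=audit(1700000000.103:203): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=1400 auid=4294967295 uid=0 comm="wget" exe="/usr/bin/wget" key="backup-job"',
    'type=PATH msg=audit(1700000000.101:201): item=0 name="/usr/bin/curl" inode=123 dev=08:01 mode=0100755 ouid=0 ogid=0',
]
```

Running scan_auditd(RULE, SAMPLE_LOG) flags only the curl record: the ls record fails the selection, the wget record is removed by the filter, and the PATH record is not a SYSCALL event.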
🌟 Improvements
Improved command keyword search.
Improved Tower UI/UX.
Improved Application Analyzer.
Improved DRONE performance.
Improved Prefetch Analyzer.
Improved YARA Scanners.
🔧 Fixes
Fixed an issue with TOR usage checks.
Fixed an issue with Sigma execution.
Fixed an issue with Linux Process Analyzer.
Fixed an issue with MFT Analyzer.
Hash scanner verdict level changed from Dangerous to Matched.
If there is any feature you would like to see in Binalyze DRONE, please share it with us here.