Adding Argus Flow Capture to the Cuckoo Sandbox

Carter Bullard carter at qosient.com
Mon Jun 23 15:06:12 EDT 2014


Hey Dave,
Definitely will make it available.
How about putting the txt file as a CUCKOO.README file in argus/support/, putting it in
either the Deployment or the Startup directory?

Do you think the Cuckoo group would be interested?

Carter

On Jun 22, 2014, at 2:37 PM, David Edelman <dedelman at iname.com> wrote:

> The Cuckoo sandbox already has the ability to use tcpdump to capture traffic between the sandbox and the network, and Argus is very good about digesting pcap files, but I thought that I would try to create a native Argus capability and, for reasons that I can’t understand, it worked.
> 
> The attached document has the specifics.
> 
> Carter, please feel free to add this to the distribution, but you probably need to look at, and modify, the boilerplate at the top of the Argus.py module.
> 
> --Dave <<...>>
> 
> <Argus for Cuckoo Sandbox.txt>
