EngineObjectInterface - carbonblack/cbc-binary-toolkit GitHub Wiki
Interface: Engine Object
Create an object implementing this interface to send binary data to an analysis engine other than the built-in YARA one in order to find Indicators of Compromise (IOCs).
Your object must implement all methods defined in this reference.
analyze method
def analyze(self, binary_metadata):
This method is called from the main analysis loop to analyze binary data, once for each item being analyzed.
Parameters:
binary_metadata (type: dict) - The metadata for the file being analyzed. This information will always conform to the BinaryMetadata schema.
Returns:
(type: dict) The response from your engine's analysis of the binary data. This return value must conform to the EngineResponse schema. (It will be verified after it's returned from your engine object.)
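A minimal engine object, as an added example that is not code from the cbc-binary-toolkit project: it fetches the binary named by the metadata, refuses to report on content whose SHA-256 does not match, and returns one IOC per matching byte pattern. Only the `analyze(self, binary_metadata)` signature comes from this page; the class name, the injected `fetch` callable, and every dictionary key (`sha256`, `url`, `iocs`, `engine_name`, `binary_hash`, `success`, and the IOC keys) are assumptions to check against the BinaryMetadata and EngineResponse schemas.

```python
import hashlib


class PatternEngine:
    """Hypothetical engine object; only the analyze() signature is from the page."""

    ENGINE_NAME = "pattern-engine"  # assumed name

    def __init__(self, fetch, patterns):
        self._fetch = fetch        # callable(url) -> bytes, injected so this runs offline
        self._patterns = patterns  # {ioc_id: (byte_pattern, severity)}

    def _response(self, binary_hash, iocs, success):
        # Assumed EngineResponse keys; verify against the toolkit's schema.
        return {"iocs": iocs, "engine_name": self.ENGINE_NAME,
                "binary_hash": binary_hash, "success": success}

    def analyze(self, binary_metadata):
        sha256 = (binary_metadata.get("sha256") or "").lower()  # assumed key
        url = binary_metadata.get("url")                        # assumed key
        if not sha256 or not url:
            return self._response(sha256, [], False)
        try:
            data = self._fetch(url)
        except Exception:
            # A failed download is an engine failure, not a clean verdict.
            return self._response(sha256, [], False)
        # Never attribute findings to a hash the fetched bytes do not have.
        if hashlib.sha256(data).hexdigest() != sha256:
            return self._response(sha256, [], False)
        iocs = [
            {"id": ioc_id, "match_type": "equality",
             "values": [sha256], "severity": severity}  # assumed IOC keys
            for ioc_id, (pattern, severity) in sorted(self._patterns.items())
            if pattern in data
        ]
        return self._response(sha256, iocs, True)


# Constructed sample input: an in-memory "download" and one byte pattern.
SAMPLE = b"MZ\x90\x00constructed-sample EVIL_MARKER tail"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE).hexdigest()
STORE = {"https://example.invalid/sample": SAMPLE}
ENGINE = PatternEngine(STORE.__getitem__, {"marker-1": (b"EVIL_MARKER", 7)})
```

Returning `success: False` on a fetch error or hash mismatch keeps an unreadable binary from being recorded as analyzed and clean.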