Analysis engine (doc in progress)

List of available analyses

• File parsers
  • How parsing is done
  • File carving
  • Supported file formats
  • Writing new parsers
• Disassembler
  • Supported architectures
• CFG reconstruction
• Functions recovery
• String analysis
  • String extraction algorithms
  • Strings score
  • Strings tag
  • Dynamic strings
• Known patterns identification
  • Constant scanner
  • FLIRT signatures
• Yara signatures
  • Importing a ruleset split in multiple files
  • Rules writing/importing guideline
• Anomaly scanner
  • What are anomalies?
  • Write your own anomaly
• Kesakode
  • How does it work?
  • Use cases
  • Kesakode frequently asked questions
• Threat intelligence providers
  • What are intelligence providers?
  • Writing your own threat intelligence provider
• Custom types
  • Apply custom types
  • Add new custom types