Panoptes 1.0.0
Endpoint Detection and Response
Loading...
Searching...
No Matches
PanoptesYara.h
Go to the documentation of this file.
1#pragma once
2#include "ExtensibilityCore.h"
3#include <vector>
4extern "C" {
5#include "yara_x.h"
6}
7
8#define VERSION "1.0.0"
9using namespace std;
10
12class PanoptesServiceClient {
13public:
14 PanoptesServiceClient();
15 bool Hello(ExtensibilityType extensibilityType, int ContainerPort);
16 bool SendResults_Yara(std::string PePath, std::string FileHash, std::vector<std::string> DetectedRules);
17};
18
20class YaraScanner {
21private:
23 YRX_RULES* g_yaraRules = nullptr;
24public:
26 struct ScanData
27 {
28 int detections;
29 std::vector<std::string> detectedRules;
30 };
31
32 YaraScanner(const char* Rules);
33 ~YaraScanner();
34 std::vector<std::string> YaraScanFile(std::string PathToFile);
35};
ExtensibilityType
ExtensibilityType
The type of extensibility.
Definition ExtensibilityCore.h:10
PanoptesServiceClient
Panoptes Service Client that is used to communicate with the Panoptes Service via.
Definition container_ipc.hpp:36
PanoptesServiceClient::SendResults_Yara
bool SendResults_Yara(std::string PePath, std::string FileHash, DWORD ProcessId, std::string YaraRulesPath, INT MatchRules, std::vector< std::string > DetectedRules)
PanoptesServiceClient::Hello
bool Hello(ExtensibilityType extensibilityType, int ContainerPort)
YaraScanner
The YaraScanner class that is used to scan a file using YARA rules.
Definition PanoptesYara.h:20
YaraScanner::YaraScanFile
std::vector< std::string > YaraScanFile(std::string PathToFile)
Scan a file using YARA rules.
Definition yara-scan.cpp:81
YaraScanner::~YaraScanner
~YaraScanner()
Destructor for the YaraScanner class that destroys the YARA rules.
Definition yara-scan.cpp:53
YaraScanner::ScanData
The data that is sent to the Panoptes Service.
Definition PanoptesYara.h:27
YaraScanner::ScanData::detectedRules
std::vector< std::string > detectedRules
Definition PanoptesYara.h:29
Generated by doxygen 1.9.8