AMIRA- Automated Malware Incident Response & Analysis

AMIRA is a service for automatically running analysis on OSXCollector output files. The automated analysis is performed by the OSXCollector Output Filters, in particular the Analyze Filter ("The One Filter to Rule Them All"). The tool retrieves the output files from an S3 bucket, runs the Analyze Filter over them and then uploads the results of the analysis back to S3 (one could also envisage attaching them to the related JIRA ticket).

Because the tool relies on the OSXCollector Output Filters to do the actual analysis, you will need a valid osxcollector.yaml configuration file in the working directory. An example configuration file can be found in the OSXCollector Output Filters project.
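To make the retrieve / analyze / upload loop described above concrete, here is an added example that is not AMIRA's own code and does not use its API. It stands in an in-memory object store for the S3 bucket (a real deployment would use boto3 get_object/put_object with the same key layout) and a toy blacklist filter for the Analyze Filter; the collector records, the indicator lists and the example_blacklist key are all constructed for this example.

```python
import json
from typing import Dict, Iterator, List
from urllib.parse import urlparse

# Constructed OSXCollector-style output for this example: one JSON record per
# line, each tagged with osxcollector_section. Hosts and hashes are made up.
SAMPLE_OUTPUT = "\n".join(json.dumps(r) for r in [
    {"osxcollector_section": "startup", "osxcollector_subsection": "launch_agents",
     "file_path": "/Library/LaunchAgents/com.example.updater.plist",
     "sha1": "aa11bb22cc33dd44ee55ff66aa77bb88cc99dd00"},
    {"osxcollector_section": "chrome", "osxcollector_subsection": "history",
     "url": "http://bad.example/dropper.dmg", "visit_count": 3},
    {"osxcollector_section": "chrome", "osxcollector_subsection": "history",
     "url": "https://www.apple.com/", "visit_count": 12},
    {"osxcollector_section": "downloads",
     "file_path": "/Users/alice/Downloads/notes.txt", "sha1": "0000"},
])

# Hypothetical indicator lists standing in for the threat-intel lookups a real
# output filter would perform.
BLACKLIST = {
    "domains": {"bad.example"},
    "sha1": {"aa11bb22cc33dd44ee55ff66aa77bb88cc99dd00"},
}


class FakeObjectStore:
    """In-memory stand-in for the S3 bucket (assumption: a real deployment
    would call boto3 get_object/put_object with the same keys)."""

    def __init__(self) -> None:
        self.objects: Dict[str, bytes] = {}

    def get(self, key: str) -> bytes:
        return self.objects[key]

    def put(self, key: str, data: bytes) -> None:
        self.objects[key] = data


def blacklist_filter(lines: Iterator[str]) -> Iterator[dict]:
    """Toy analysis filter: annotate records whose URL host or sha1 is listed.
    Like an OSXCollector output filter it adds keys and never drops records.
    The example_blacklist key is this example's own, not a real filter's."""
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        reasons: List[str] = []
        host = urlparse(rec.get("url", "")).hostname
        if host and host in BLACKLIST["domains"]:
            reasons.append("domains")
        if rec.get("sha1") in BLACKLIST["sha1"]:
            reasons.append("sha1")
        if reasons:
            rec["example_blacklist"] = reasons
        yield rec


def run_analysis(store: FakeObjectStore, key: str) -> dict:
    """Fetch one collector output object, run the filter, upload the annotated
    output plus a short summary under analysis/, and return the summary."""
    raw = store.get(key).decode("utf-8")
    annotated = list(blacklist_filter(raw.splitlines()))
    hits = [r for r in annotated if "example_blacklist" in r]
    summary = {
        "source_key": key,
        "records": len(annotated),
        "blacklisted": len(hits),
        "hits": [
            {"section": r["osxcollector_section"],
             "reasons": r["example_blacklist"],
             "indicator": r.get("url") or r.get("file_path")}
            for r in hits
        ],
    }
    store.put(f"analysis/{key}.annotated.json",
              "\n".join(json.dumps(r) for r in annotated).encode("utf-8"))
    store.put(f"analysis/{key}.summary.json",
              json.dumps(summary).encode("utf-8"))
    return summary


if __name__ == "__main__":
    store = FakeObjectStore()
    store.put("collected/laptop-42.json", SAMPLE_OUTPUT.encode("utf-8"))
    print(json.dumps(run_analysis(store, "collected/laptop-42.json"), indent=2))
```

The summary object is the piece you would hand to a ticketing system: it names the source object and only the records that matched, so an analyst can jump straight to the annotated output without re-reading the whole collection.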

AMIRA - Component Diagram (figure)

Using this tool you can automate your incident response and get the analysis done faster. You can read more about OSXCollector in our previous post: http://www.sectechno.com/osxcollector-forensic-collection-analysis-toolkit/

You can read more about this tool here: https://github.com/Yelp/
