Package: wnpp
Severity: wishlist

* Package name    : laika-boss
  Version         : 0.1
  Upstream Author : Lockheed Martin Corporation
* URL             : https://github.com/lmco/laikaboss
* License         : Apache 2.0
  Programming Lang: Python
  Description     : laika is an object scanner and intrusion detection system
Laika BOSS: Object Scanning System

The whitepaper can be found at:
http://lockheedmartin.com/content/dam/lockheed/data/isgs/documents/LaikaBOSS%20Whitepaper.pdf

Laika is an object scanner and intrusion detection system that strives to
achieve the following goals:

* Scalable
  - Work across multiple systems
  - High volume of input from many sources
* Flexible
  - Modular architecture
  - Highly configurable dispatching and dispositioning logic
  - Tactical code insertion (without needing a restart)
* Verbose
  - Generate more metadata than you know what to do with

Each scan performs three main actions on each object:

* Extract child objects - Some objects are archives, some are wrappers, and
  others are obfuscators. Whatever the case may be, find the child objects
  that should be scanned recursively by extracting them out.
* Mark flags - Flags provide a means for dispositioning objects and for
  pivoting on future analysis.
* Add metadata - Discover as much information describing the object as
  possible, for future analysis.

Laika is composed of the following pieces:

* Framework (laika.py) - This is the core of Laika BOSS. It includes the
  object model and the dispatching logic.
* laikad - This piece contains the code for running Laika as a daemonized,
  networked service using the ZeroMQ broker.
* cloudscan - A command-line client for sending a local file to a running
  service instance of Laika (laikad).
* modules - The scan itself consists of running modules. Each module is its
  own program that focuses on a particular sub-component of the overall file
  analysis.
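To make the three-action model concrete, here is a small stand-alone Python sketch, added for this report and not taken from the Laika BOSS code base: a scan tree in which each hypothetical module extracts children, marks flags or adds metadata, and the framework recurses into whatever was extracted. The class, function and flag names are this example's own assumptions, not Laika's module API, and the nested zip used as input is constructed inline.

```python
import hashlib
import io
import zipfile

class ScanObject:
    """One node of the scan tree: the bytes plus the flags and metadata modules attach."""
    def __init__(self, buffer, source="root"):
        self.buffer, self.source = buffer, source
        self.flags, self.metadata, self.children = [], {}, []

def hash_module(obj):
    # Add metadata: identify the object so later analysis can pivot on it.
    obj.metadata["sha256"] = hashlib.sha256(obj.buffer).hexdigest()
    obj.metadata["size"] = len(obj.buffer)

def explode_zip(obj):
    # Extract child objects: a zip is a wrapper, so pull every member out for rescanning.
    if not obj.buffer.startswith(b"PK\x03\x04"):
        return []
    obj.flags.append("zip:archive")
    with zipfile.ZipFile(io.BytesIO(obj.buffer)) as zf:
        return [ScanObject(zf.read(name), "zip:" + name) for name in zf.namelist()]

def flag_mz(obj):
    # Mark flags: a dispositioning hint for anything carrying a DOS/PE "MZ" header.
    if obj.buffer.startswith(b"MZ"):
        obj.flags.append("pe:mz_header")

MODULES = [hash_module, explode_zip, flag_mz]  # hypothetical modules, not Laika's own

def scan(obj, depth=0, max_depth=5):
    """Run every module on obj, then recurse into whatever children they extracted."""
    if depth > max_depth:  # bound recursion so nested archives cannot run forever
        obj.flags.append("scan:max_depth")
        return obj
    for module in MODULES:
        for child in module(obj) or []:
            obj.children.append(scan(child, depth + 1, max_depth))
    return obj

def build_sample():
    # Constructed input: a zip holding an inner zip that wraps a fake MZ file.
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("payload.exe", b"MZ\x90\x00 fake header only")
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("inner.zip", inner.getvalue())
        zf.writestr("readme.txt", b"plain text, no children")
    return outer.getvalue()
```

Running `scan(ScanObject(build_sample()))` yields a root flagged `zip:archive` whose inner archive is itself exploded, so the `pe:mz_header` flag ends up two levels down, where a dispositioning rule over the whole tree would still see it.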