{ "metadata": { "name": "", "signature": "sha256:3d611d2e47fe19b82f234319492f2c5a54c840555b581d4b3330e6df506ba867" }, "nbformat": 3, "nbformat_minor": 0, "worksheets": [ { "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "
\n", "# Workbench: Adding a worker \n", "We believe that transparency, flexibility and on-site customization are critical to an agile security framework. In this notebook we illustrate how easy it is to add workers to Workbench and, more importantly, how to codify your team's domain knowledge for on-site customization and agility.\n", "\n", "**Tools in this Notebook:**\n", "- Workbench: Open Source Security Framework [Workbench GitHub](https://github.com/SuperCowPowers/workbench)\n", "- Bro Network Security Monitor (http://www.bro.org)\n", "- Pandas: Python Data Analysis Library (http://pandas.pydata.org)\n", "\n", "**More Info:** \n", "- See [Workbench Demo Notebook](http://nbviewer.ipython.org/github/SuperCowPowers/workbench/blob/master/workbench/notebooks/Workbench_Demo.ipynb) for a lot more info on using workbench.\n", "\n", "$ workbench_server\n", "" ] }, { "cell_type": "code", "collapsed": false, "input": [ "# Let's start to interact with workbench, please note there is NO specific client to workbench,\n", "# Just use the ZeroRPC Python, Node.js, or CLI interfaces.\n", "import zerorpc\n", "c = zerorpc.Client()\n", "c.connect(\"tcp://127.0.0.1:4242\")" ], "language": "python", "metadata": {}, "outputs": [ { "metadata": {}, "output_type": "pyout", "prompt_number": 1, "text": [ "[None]" ] } ], "prompt_number": 1 }, { "cell_type": "markdown", "metadata": {}, "source": [ "\n", "\n", "## So I'm confused, what am I supposed to do with workbench? \n", "
\n", "

| | entropy | md5 | packed | sha1 | sha256 | ssdeep |
|---|---|---|---|---|---|---|
| 0 | 7.894680 | 033d91aae8ad29ed9fbb858179271232 | probably | 83ab10907b254752f312c89125957f10d35cb9d4 | eb107c004e6e1bbd3b32ad7961661bbe28a577b0cb5dac... | 1536:h6+LbfPbI5dzmJu9Tgj5aOItvEqRCHW9pjVrs2ryr... |
| 1 | 2.440069 | 0cb9aa6fb9c4aa3afad7a303e21ac0f3 | probably not | 96e85768a12b2f319f2a4f0c048460e1b73aa573 | 4ecf79302ba0439f62e15d0526a297975e6bb32ea25c8c... | 192:a8jJIFYrq9ATskBTp2jLDL3P1oynldvSo71nF:oFpN... |
| 2 | 5.125292 | 0e882ec9b485979ea84c7843d41ba36f | probably not | 12fb0a1b7d9c2b2a41f4da9ce5bbfb140fb16939 | 616cf9e729c883d979212eb55178b7aac80dd9f58cb449... | 768:5HyLMqtEM1Htz8kDmP9l+nZZYp41oj7EZmJxl/N9j6... |
| 3 | 6.303055 | 0e8b030fb6ae48ffd29e520fc16b5641 | probably not | 82d57b8302b7497b2f6943f18e2d2687b9b0f5eb | feaf72bdad035e198d297bfb0b8d891645f1dacd78f0db... | 1536:1uNqjqzs1hQHhInEeJMzcmGqyF7Jwe9pvUo+5TDU4... |
| 4 | 7.593283 | 0eb9e990c521b30428a379700ec5ab3e | probably | b778fc55f0538de865d4853099a3faa0b29f311d | dc5e8176a5f012ebdb4835f9b570a12c045d059f6f5bdc... | 1536:KcE4iMgXjTJpdGaaJG6Mhawv7r9ZaobsLBq+h5ttB... |

5 rows × 6 columns
\n", "

| packed | | entropy |
|---|---|---|
| probably | count | 23.000000 |
| | mean | 7.612472 |
| | std | 0.290949 |
| | min | 7.066162 |
| | 25% | 7.339412 |
| | 50% | 7.778263 |
| | 75% | 7.852313 |
| | max | 7.919686 |
| probably not | count | 27.000000 |
| | mean | 5.832247 |
| | std | 1.017639 |
| | min | 2.440069 |
| | 25% | 5.564519 |
| | 50% | 5.967721 |
| | 75% | 6.537146 |
| | max | 6.998708 |

16 rows × 1 columns
\n", "