Cuckoo sandbox running in SO

Carlos A Ayala

Feb 3, 2016, 1:33:19 PM
to security-onion

Hi guys, is anyone running Cuckoo Sandbox in SO?

I did the installation and scripts, trying to automate the analysis of the executables extracted by Bro and send them to the sandbox for malware analysis, but I am getting a couple of error messages during the dynamic analysis:


2016-01-30 00:36:37,580 [lib.cuckoo.core.guest] DEBUG: xp-pruebas: analysis not completed yet (status=2)
2016-01-30 00:36:38,585 [lib.cuckoo.core.guest] DEBUG: xp-pruebas: analysis not completed yet (status=2)
2016-01-30 00:36:39,592 [lib.cuckoo.core.guest] DEBUG: xp-pruebas: analysis not completed yet (status=2)
2016-01-30 00:36:40,596 [lib.cuckoo.core.scheduler] ERROR: The analysis hit the critical timeout, terminating.

Any feedback will be appreciated

Carlos Ayala

Jeffery Myers

Feb 3, 2016, 5:16:23 PM
to securit...@googlegroups.com
Interesting idea to run automated malware analysis "inside" of the IDS. Seems logical, but I would prefer, for lots and lots of good reasons, to isolate the malware analysis sandbox into its own VM or physical device. Updating/upgrading SO is a task unto itself. Much better now with soup. Updating Cuckoo Sandbox is an altogether different endeavor to be sure. Having to update a system running BOTH automated analysis AND IDS is asking for issues IMHO.

That said, can you provide some info on the processor and RAM resources on this box? Cuckoo Sandbox alone needs lots of memory to run efficiently.