Overview
This is a Ubuntu image with Assemblyline pre-installed.
Assemblyline is a scalable file triage and malware analysis system integrating the cyber security community's best tools.
Assemblyline minimizes the number of harmless files that IT practitioners are required to inspect every day, allowing them to collaborate with other users to customize and improve the platform in the process.
Steps A) Assemblyline works very much like a conveyor belt: files arrive in the system and are triaged in a certain sequence. B) Assemblyline generates information about each file and assigns a unique identifier that travels with the file as it flows through the system. C) Users can add their own analytics, which we refer to as services, to Assemblyline. D) The services selected by the user in Assemblyline then analyze the files, looking for indications of maliciousness and/or extracting features for further analysis. - The system generates alerts about a malicious file at any point during the analysis and assigns the file a score. - The system can also trigger automated defensive systems. - Malicious indicators generated by the system can be distributed to other defense systems.
Highlights
- Quick setup with Assemblyline preinstalled
- Free and available on demand
Details
Typical total price
$0.40/hour
Pricing
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
---|---|---|---|
t3.large | $0.00 | $0.083 | $0.083 |
t3.xlarge | $0.00 | $0.166 | $0.166 |
t3.2xlarge | $0.00 | $0.333 | $0.333 |
m4.2xlarge Recommended | $0.00 | $0.40 | $0.40 |
m4.4xlarge | $0.00 | - | - |
m4.10xlarge | $0.00 | - | - |
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp2) volumes | $0.10/per GB/month of provisioned storage |
Vendor refund policy
This is a free product
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
This is a basic Ubuntu image with an appliance instance of Assemblyline preinstalled.
The admin username/password is configured as: User: admin Password: geekweekAssemblyL1ne
See the Usage instructions for steps to change this.
Additional details
Usage instructions
To connect to your running instance, ensure you use the "ubuntu" user. AWS may incorrectly suggest "root". (e.g. ssh ubuntu@<public-ip>)
You'll need to update your domain settings to match the public IP or DNS where your EC2 instance is running. To do so, follow these steps to create a new self-signed certificate with your public IP/domain in the subject and configure Assemblyline to use your domain:
- cd ~/deployments/assemblyline
- Use your favourite editor to open ~/deployments/assemblyline/.env
- Update 'DOMAIN' with your public IP address or public DNS
- Create your https certs (replacing <public-IP-address> with what you used in the last step): openssl req -nodes -x509 -newkey rsa:4096 -keyout ~/deployments/assemblyline/config/nginx.key -out ~/deployments/assemblyline/config/nginx.crt -days 365 -subj "/C=CA/ST=Ontario/L=Ottawa/O=CCCS/CN=<public-IP-address>"
- Restart: sudo docker-compose restart
Now you should be able to access the Assemblyline User Interface at https://<your-public-ip-or-domain>
To update the admin username/password:
- cd ~/deployments/assemblyline
- Use your favourite editor to open ~/deployments/assemblyline/.env
- Update 'AL_ADMIN_USER' with your desired user and 'AL_ADMIN_PASSWORD' with your desired password
- Restart: sudo docker-compose restart
For more information on configuration options see https://cybercentrecanada.github.io/assemblyline4_docs/
Support
Vendor support
For more information on the configuration options for Assemblyline, see the documentation page: https://cybercentrecanada.github.io/assemblyline4_docs/ Join our discord server:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.