Feature
NOTE!
Before submitting, please go through our roadmap and phases to see if the feature you want is already defined there.
Is your feature request related to a problem? Please describe.
Sometimes tasks fail processing due to bad configurations or even due to bugs in the processing modules.
Currently the only way to reanalyze tasks is to submit the artifacts again. This is specially frustrating when you have long running tasks (for example, 1h-24h run time to bypass anti-analysis features involving sleep timers).
Proposed solution
Describe the solution you'd like.
Propose a clear and concise description of what you want to happen.
A way to re-run specific processing modules on a task or even re-run the whole processing pipeline.
This can be done as a new API route/method on the web and CLI API interfaces.
Additional context
This would have been particularly useful for me when I was debugging the TLS decryption errors from issue 193 ([...] Failed to run plugin Pcapreader. [...]) and VT errors from 235 (Virustotal api change causes server error 500).
The feature would be useful too to run tests when developing new processing modules, activating/configuring previously unused modules or after updating signature databases/analysis behaviour for existing modules.
Feature
NOTE!
Before submitting, please go through our roadmap and phases to see if the feature you want is already defined there.
Is your feature request related to a problem? Please describe.
Sometimes tasks fail processing due to bad configurations or even due to bugs in the processing modules.
Currently the only way to reanalyze tasks is to submit the artifacts again. This is specially frustrating when you have long running tasks (for example, 1h-24h run time to bypass anti-analysis features involving
sleeptimers).Proposed solution
Describe the solution you'd like.
Propose a clear and concise description of what you want to happen.
A way to re-run specific processing modules on a task or even re-run the whole processing pipeline.
This can be done as a new API route/method on the web and CLI API interfaces.
Additional context
This would have been particularly useful for me when I was debugging the TLS decryption errors from issue 193 ([...] Failed to run plugin Pcapreader. [...]) and VT errors from 235 (Virustotal api change causes server error 500).
The feature would be useful too to run tests when developing new processing modules, activating/configuring previously unused modules or after updating signature databases/analysis behaviour for existing modules.