BinaryAlert: Serverless, Real-time & Retroactive Malware Detection

BinaryAlert is a serverless, real-time and retroactive malware detection system designed to monitor and analyze binaries at scale.
BinaryAlert is used by security teams to detect malware across large fleets of endpoints by analyzing binary files in real-time and retroactively. It enables automated, scalable intrusion detection and malware analysis without managing traditional infrastructure.
Requires an AWS account with appropriate permissions; best used with existing AWS infrastructure. The serverless design minimizes maintenance but requires familiarity with AWS Lambda, S3, and related services. Retroactive scanning can be resource-intensive depending on data volume.
Setup steps:

1. Clone the repository: git clone https://github.com/airbnb/binaryalert.git
2. Navigate into the directory: cd binaryalert
3. Install dependencies using pip: pip install -r requirements.txt
4. Configure AWS credentials and permissions for deployment.
5. Deploy the serverless stack using the provided deployment scripts.
6. Set up S3 buckets and Lambda functions as per the documentation.
7. Configure alerting channels and monitoring as needed.
Commands:

python manage.py deploy
    Deploys the BinaryAlert serverless infrastructure to AWS.

python manage.py scan --file <binary_file>
    Manually scans a specified binary file for malware.

python manage.py retroactive_scan
    Triggers retroactive scanning of previously collected binaries.

python manage.py alert
    Manages and tests alerting mechanisms for detected malware.