Yaraify is one of the many services Abuse.ch freely provides to the public. It exposes quite some API endpoints that contain useful information. Before open-sourcing this API client, there was no publicly supported Java library. The code can be found on Github, along with the latest pre-built release. Below, more information on the usage is given, as well as a rationale on the code.
Table of contents
One can use this API client library in two ways: either as a Maven dependency, or as a generic library. Below, both methods are explained in detail.
Since the project is Maven based, one can install it in your local Maven repository using the command that is given below, where one has to change the paths. More information can be found on the official Maven website.
mvn install:install-file -Dfile=<path-to-file> -DpomFile=<path-to-pomfile>
To include the project, one has to include it as a dependency in the project’s pom.xml file. Note that it first needs to be installed in the local Maven repository on the machine where the compilation takes place. The XML snippet below can be used to add the most recent version as a dependency.
<dependency> <groupId>yaraifyapi</groupId> <artifactId>YaraifyApi</artifactId> <version>1.0-stable</version> <type>jar</type> </dependency>
Building it as a JAR that includes the dependencies can be done using the command that is given below. One can use this file as a local dependency in any kind of Java project.
mvn clean compile assembly:single
The YaraifyApi object requires the platform’s API key in the constructor, optionally along with an API key for Malpedia, in order to use their private Yara rules. The public functions of the class expose the API endpoints, as well as other convenient functions. The returned JSON data is converted into Java classes, which provides easy access to the service’s data in an automated way.
Below, links are given to the blogs that contain the version specific release notes. The most recent release is the first link in the list.