"As a unique malware detection and threat intelligence data platform, PolySwarm's crowdsourced model substantially improves the ability to explore, enrich, and mine malware data, which directly benefits the infosec community. Qi An Xin is excited to partner with PolySwarm to continue to innovate” Liejun Wang, Director of Threat Intelligence at QiAnXin.
QiAnXin has integrated with Polyswam its RedDrip APT scanner (RAS), a detection engine with the ability to scan files and determine the APT group behind the attacks. RAS engine uses a custom file that contains malware patterns to identify the corresponding APT Groups. The insight comes from monitoring and tracking conducted by the RedDrip Team researchers and analysis systems.
“We welcome Qi An Xin as a new participant in PolySwarm’s marketplace. We strive to bring specialized engines that contribute to the ecosystem, and Qi An Xin’s RedDrop APT scanner brings unique insight into Chinese malware and the actors behind them” stated Steve Bassi, CEO of PolySwarm.
About Qi An Xin
Hello engine developers,
We are putting the finishing touches on the new backend systems used to manage engines/arbiters and handle bounties. Our goal is to release these changes into production in late March.
Overview
Our primary goal with these changes is to greatly simplify how engines are built, tested and run. And to change how they communicate with PolySwarm to be more in line with current industry standards for remote distributed services.
For those of you with existing engines connected to the marketplace, this will be a breaking change. We will provide instructions for how to update your engine to work with the new system. We are trying to make it as simple as possible.
For those who want to start a new engine, or even convert your engine to the new simpler engine framework, we will provide documentation and instructions to do so.
For any engines hosted by PolySwarm, we will update them to continue operating using the parameters they are currently configured with.
We will share a lot more information and more specific details very soon.
The following are more in-depth details for those who are interested.
Backend Changes
The first major difference is a change to a Webhook-based system to send bounties to engines. This means that engines need to run a HTTP service on a publicly available IP address/port for the webhook to communicate. The Webhook message will contain all of the information the engine needs to process a bounty, download the artifact, and return the result.
The second major difference is a change to remove the ETH wallet from the engine itself and into a PolySwarm-hosted wallet management system. We have received many complaints about the difficulty and problems with managing a wallet inside an engine, so we are separating them. This will function similarly to how a web-based crypto-currency exchange hosts a wallet for your account.
User Interface Changes
From the user interface perspective, we are adding administrative functionality to user and team accounts on https://polyswarm.network to configure and manage engines, wallets, and webhooks. We will provide an example web service plus engine along with our documentation.
For each engine, you will be able to define an engine configuration. The following are some example configuration settings:
For each account, you will be able to create an ETH wallet, which can then be used by your engine/arbiter. It will provide basic transfer functionality:
For each account, you will be able to add one or more webhooks, which can then be used by your engines/arbiters. It will provide the standard webhook functionality:
Marketplace Changes
From the marketplace perspective, PolySwarm will use engine configurations to determine which engines are sent a webhook for each bounty. PolySwarm will use responses to webhooks and bounties to track the status of each Engine. Engines can still choose not to process a bounty, by returning an “Unknown” verdict with no bid.
We will continue to use fake ETH/NCT (rinkeby) for the first month or two after these changes are released. We need thorough testing to ensure everything is working reliably, and then we can go to Mainnet.
Cheers,
Nick
Read More
We are putting the finishing touches on the new backend systems used to manage engines/arbiters and handle bounties. Our goal is to release these changes into production in late March.
Overview
Our primary goal with these changes is to greatly simplify how engines are built, tested and run. And to change how they communicate with PolySwarm to be more in line with current industry standards for remote distributed services.
For those of you with existing engines connected to the marketplace, this will be a breaking change. We will provide instructions for how to update your engine to work with the new system. We are trying to make it as simple as possible.
For those who want to start a new engine, or even convert your engine to the new simpler engine framework, we will provide documentation and instructions to do so.
For any engines hosted by PolySwarm, we will update them to continue operating using the parameters they are currently configured with.
We will share a lot more information and more specific details very soon.
The following are more in-depth details for those who are interested.
Backend Changes
The first major difference is a change to a Webhook-based system to send bounties to engines. This means that engines need to run a HTTP service on a publicly available IP address/port for the webhook to communicate. The Webhook message will contain all of the information the engine needs to process a bounty, download the artifact, and return the result.
The second major difference is a change to remove the ETH wallet from the engine itself and into a PolySwarm-hosted wallet management system. We have received many complaints about the difficulty and problems with managing a wallet inside an engine, so we are separating them. This will function similarly to how a web-based crypto-currency exchange hosts a wallet for your account.
User Interface Changes
From the user interface perspective, we are adding administrative functionality to user and team accounts on https://polyswarm.network to configure and manage engines, wallets, and webhooks. We will provide an example web service plus engine along with our documentation.
For each engine, you will be able to define an engine configuration. The following are some example configuration settings:
- engine name, description, owner's website, tags
- artifact type(s) supported
- mimetype(s) supported
- max file size supported
- rate limit
- webhook
For each account, you will be able to create an ETH wallet, which can then be used by your engine/arbiter. It will provide basic transfer functionality:
- transfer NCT/ETH into the wallet
- withdraw NCT/ETH from the wallet
For each account, you will be able to add one or more webhooks, which can then be used by your engines/arbiters. It will provide the standard webhook functionality:
- create, test, delete the webhook
Marketplace Changes
From the marketplace perspective, PolySwarm will use engine configurations to determine which engines are sent a webhook for each bounty. PolySwarm will use responses to webhooks and bounties to track the status of each Engine. Engines can still choose not to process a bounty, by returning an “Unknown” verdict with no bid.
We will continue to use fake ETH/NCT (rinkeby) for the first month or two after these changes are released. We need thorough testing to ensure everything is working reliably, and then we can go to Mainnet.
Cheers,
Nick
“We are proud to be partnering with Polyswarm, and being part of their launchpad for new technologies and innovative threat detection methods” stated Julian Ziegler, Co CEO of Inlyse.
"Cyberstanc is thrilled to collaborate with Polyswarm's initiative of creating a fully crowd sourced malware detection platform.” said Cyberstanc Founder and CEO Rohit Bankoti. “We strive to address latest challenges with constant innovations and hope to deliver benchmark cybersecurity posture for the community"