Binlib Feature Requests

Signalblur · March 18, 2025, 3:44am

I have a couple of feature reqs for the Binlib extension:

If the file is a PE file and has an OriginalFileName value (the value collected by sysmon) have it displayed.
The telfhash for ELF binaries - GitHub - trendmicro/telfhash: Symbol hash for ELF files
Validate the file size is shown in the first_seen event if it’s already been collected behind the scenes and doesn’t need to be re-fetched/acquired or add it to the first_seen event
An API call to check how many binaries your organization has in its binlib instance, and the total file size.
Expand binlib to include files collected in the doc_cache_get files - Reference: Endpoint Agent Commands

Long term: It’d be cool if you clicked a file in the binlib it showed both the file hex/strings/wide strings

Topic		Replies	Views
Extension Developer Feature Requests Feature Requests extension	0	19	March 13, 2025
New CelesTLSH Feature: Manual TLSH Lookups! Magonia Research	0	7	March 30, 2025
Incorrect Hash for NEW_DOCUMENT Support	6	36	May 1, 2025
Extension Feature Request: A large String entry box Feature Requests	0	4	March 30, 2025
Sigma Extension Feature Request Feature Requests	0	13	March 18, 2025