PE-Sieve Tool Category Change #881

Closed
emtuls opened this issue Jan 31, 2024 · 3 comments · Fixed by #903

Member

emtuls commented Jan 31, 2024

Details

Currently, this tool sits in the category of Utilities. This is an okay placement, but I feel it may be better suited in the PE category, but it depends how we intend to use "PE" as a category.

One thing to note: hollows_hunter is a similar tool, and it currently resides in the PE category: https://github.com/mandiant/VM-Packages/blob/main/packages/hollowshunter.vm/tools/chocolateyinstall.ps1#L5

@emtuls emtuls added the ❔ discussion Further discussion is needed label Jan 31, 2024
Contributor

mr-tz commented Feb 1, 2024

Hm, I don't feel too strongly either way. It's not a PE (viewer) tool that I first think of, but I can see it being moved (especially if there are already other similar/related tools in PE).

Member Author

emtuls commented Feb 1, 2024

I agree. I typically associate PE with things related to specific PE file analysis things, so it doesn't feel right to me to have hollows_hunter in there, but if our goal is things associated with anything PE related, then I guess PE-Sieve should go in there as well.

I put my thoughts and recommendations also in this issue: #883

Member

Ana06 commented Feb 5, 2024

From FLARE-VM we had seen PE as the category for PE viewers so far. We could create another extra category for memory dumps (or something similar) where PE-Sieve fits better. 🤔

@emtuls emtuls self-assigned this Feb 18, 2024
@emtuls emtuls linked a pull request Feb 18, 2024 that will close this issue