AMIRA is a service for automatic analysis of OSXCollector files. Automated analysis is performed via OSXCollector output filters.
More specifically, with One Filter to Rule Them All. AMIRA takes care of retrieving the output files from an S3 bucket, running the analysis filter, and then uploading the analysis results back to the S3.
The service uses S3 bucket event alerts to enable resolution. You will need to configure an S3 bucket for the OSXCollector output files so that when a file is added there, the notification will be sent to a series of SQS (AmiraS3EventNotifications in the image below).
AMIRA periodically checks the order for any new messages and when downloaded will get the OSXCollector output file from the S3 bucket. It will then run the analysis filter on the recovered file.
The analysis filter executes all the filters contained in the OSXCollector output filter package sequentially. Some of them communicate with external resources, such as hashes and use Intel API threat machines, e.g. VirusTotal, OpenDNS Investigate or ShadowServer.
The initial output of OSXCollector extends with all this information and the last filter run by the analysis filter summarizes all the findings in human-readable form. Once the filter is complete, the analysis results will be loaded into the S3 results analysis bucket
Information about the installation and the use of the program, you will find here.