# Air-Gapped Deployment

## Overview

Enclave can be deployed in air-gapped environments with no internet connectivity. This guide covers the offline installation process.

## Prerequisites

1. Download the offline bundle:

   ```bash
   wget https://lattice.one/downloads/enclave-offline-bundle-1.0.tar.gz
   ```

2. Transfer the bundle to your air-gapped environment.

3. Verify the checksum:

   ```bash
   sha256sum enclave-offline-bundle-1.0.tar.gz
   ```

## Installation Steps

1. Extract the bundle:

   ```bash
   tar -xzf enclave-offline-bundle-1.0.tar.gz
   ```

2. Run the offline installer:

   ```bash
   cd enclave-offline
   ./install.sh
   ```

3. Configure network settings:

   ```bash
   ./configure-network.sh --internal
   ```

## Updates

1. Download update packages from the Enclave Portal.
2. Transfer them to the air-gapped environment.
3. Apply updates:

   ```bash
   ./update.sh --package update-1.1.tar.gz
   ```
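Running `sha256sum` only prints a digest; the check is complete when that digest is compared against a value obtained separately from the bundle and installation is refused on a mismatch. The following is an added example, not Enclave's own tooling: it reads a `sha256sum`-format manifest, compares digests in constant time, and extracts the archive only after the check passes, rejecting archive members that would write outside the destination. The manifest file name (`enclave-offline-bundle-1.0.tar.gz.sha256`) and the archive layout are assumptions, since the page does not say where the expected digest is published.

```python
"""Added example (not from the Enclave docs): verify an offline bundle against
a sha256sum-style manifest and extract it only after the digest matches.

Assumptions not taken from the page: the manifest file name and the bundle's
archive layout are placeholders chosen for this example.
"""
import hashlib
import hmac
import os
import tarfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large bundles need little RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sha256sum(manifest_text: str) -> dict:
    """Parse `sha256sum` output lines ("<hex>  <name>" or "<hex> *<name>") into {name: hex}."""
    digests = {}
    for line in manifest_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hexdigest, _, name = line.partition(" ")
        name = name.lstrip(" *")  # second space, or '*' for binary mode
        if len(hexdigest) != 64:
            raise ValueError(f"malformed digest line: {line!r}")
        digests[name] = hexdigest.lower()
    return digests


def verify_bundle(bundle: Path, manifest: Path) -> bool:
    """True only if the manifest lists the bundle and the digests match."""
    expected = parse_sha256sum(manifest.read_text()).get(bundle.name)
    if expected is None:
        return False
    return hmac.compare_digest(expected, sha256_file(bundle))


def safe_extract(bundle: Path, dest: Path) -> list:
    """Extract a .tar.gz, refusing members that would land outside dest or are links.
    Returns the names of the extracted members."""
    dest = dest.resolve()
    with tarfile.open(bundle, "r:gz") as tar:
        members = tar.getmembers()
        for m in members:
            target = (dest / m.name).resolve()
            if os.path.commonpath([str(dest), str(target)]) != str(dest):
                raise ValueError(f"refusing archive member outside destination: {m.name}")
            if m.issym() or m.islnk():
                raise ValueError(f"refusing link member: {m.name}")
        # Newer Python versions also enforce this through the 'data' filter.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **kwargs)
    return [m.name for m in members]


def install_offline(bundle: Path, manifest: Path, dest: Path) -> list:
    """Fail closed: nothing is written to dest unless the digest check passes."""
    if not verify_bundle(bundle, manifest):
        raise RuntimeError(f"checksum mismatch for {bundle.name}; refusing to install")
    return safe_extract(bundle, dest)


if __name__ == "__main__":
    bundle = Path("enclave-offline-bundle-1.0.tar.gz")
    manifest = Path("enclave-offline-bundle-1.0.tar.gz.sha256")  # assumed name
    print(install_offline(bundle, manifest, Path(".")))
```

`verify_bundle` is independent of `safe_extract`, so the same check can gate the update packages from the Updates section before `./update.sh --package` is run.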

# API Reference

## Authentication

All API requests require an API key in the Authorization header:

```http
Authorization: Bearer your-api-key-here
```

Generate API keys in the Enclave dashboard under Settings → API Keys.

## Endpoints

### Submit File for Analysis

```http
POST /api/v1/analyze/file
Content-Type: multipart/form-data
```

Form parameters:

- `file`: the file to analyze
- `options`: analysis options (JSON)

Example:

```bash
curl -X POST \
  -H "Authorization: Bearer your-api-key" \
  -F "file=@malware.exe" \
  -F 'options={"timeout": 300, "environment": "windows10"}' \
  https://your-enclave/api/v1/analyze/file
```

### Submit URL for Analysis

```http
POST /api/v1/analyze/url
Content-Type: application/json
```

```json
{
  "url": "https://suspicious-site.com",
  "options": {
    "timeout": 180,
    "capture_screenshots": true
  }
}
```

### Get Analysis Results

```http
GET /api/v1/results/{analysis_id}
```

Response:

```json
{
  "id": "analysis_123",
  "status": "completed",
  "score": 85,
  "verdict": "malicious",
  "indicators": [...],
  "network_activity": [...],
  "screenshots": [...]
}
```
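As an added example (not part of the Enclave docs or any Enclave SDK), the following standard-library Python client wraps the three endpoints above: it encodes the multipart upload, submits a URL with the JSON body shown, and polls the results endpoint. The base URL and API key are placeholders. Polling until `status` is `"completed"`, the poll interval, and the 70-point score threshold in `is_malicious` are this example's choices, since the page shows only the completed response shape; the `send` parameter exists so the client can be exercised offline against canned responses.

```python
"""Added example (not from the Enclave docs): a stdlib-only client for
POST /api/v1/analyze/file, POST /api/v1/analyze/url and GET /api/v1/results/{id}.

Assumptions not taken from the page: the base URL and API key are
placeholders; "completed" is assumed to be the terminal status; the score
threshold in is_malicious() is an example value.
"""
import json
import time
import urllib.request
import uuid
from typing import Callable, Dict, Optional
from urllib.parse import quote

Send = Callable[[urllib.request.Request], bytes]


def http_send(req: urllib.request.Request) -> bytes:
    """Default transport: perform the request and return the raw body."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()


def build_multipart(boundary: str, filename: str, data: bytes, options: dict) -> bytes:
    """Encode the `file` and `options` form parameters as multipart/form-data."""
    b = boundary.encode()
    # Strip characters that would let a filename break out of the header line.
    safe_name = filename.replace('"', "").replace("\r", "").replace("\n", "")
    lines = [
        b"--" + b,
        b'Content-Disposition: form-data; name="options"',
        b"",
        json.dumps(options).encode(),
        b"--" + b,
        b'Content-Disposition: form-data; name="file"; filename="%s"' % safe_name.encode(),
        b"Content-Type: application/octet-stream",
        b"",
        data,
        b"--" + b + b"--",
        b"",
    ]
    return b"\r\n".join(lines)


class EnclaveClient:
    def __init__(self, base_url: str, api_key: str, send: Send = http_send):
        self.base_url = base_url.rstrip("/")
        self.api_key = api_key
        self.send = send  # injectable transport; defaults to a real HTTP request

    def _request(self, method: str, path: str, body: Optional[bytes] = None,
                 content_type: Optional[str] = None) -> dict:
        headers: Dict[str, str] = {"Authorization": f"Bearer {self.api_key}"}
        if content_type:
            headers["Content-Type"] = content_type
        req = urllib.request.Request(self.base_url + path, data=body,
                                     headers=headers, method=method)
        return json.loads(self.send(req))

    def submit_file(self, filename: str, data: bytes, options: dict) -> str:
        """POST /api/v1/analyze/file; returns the analysis id."""
        boundary = uuid.uuid4().hex
        body = build_multipart(boundary, filename, data, options)
        resp = self._request("POST", "/api/v1/analyze/file", body,
                             f"multipart/form-data; boundary={boundary}")
        return resp["id"]

    def submit_url(self, url: str, options: dict) -> str:
        """POST /api/v1/analyze/url with a JSON body; returns the analysis id."""
        body = json.dumps({"url": url, "options": options}).encode()
        resp = self._request("POST", "/api/v1/analyze/url", body, "application/json")
        return resp["id"]

    def get_results(self, analysis_id: str) -> dict:
        """GET /api/v1/results/{analysis_id}."""
        return self._request("GET", f"/api/v1/results/{quote(analysis_id, safe='')}")

    def wait_for_results(self, analysis_id: str, interval: float = 5.0,
                         max_polls: int = 120) -> dict:
        """Poll until status is "completed"; give up instead of looping forever."""
        for _ in range(max_polls):
            result = self.get_results(analysis_id)
            if result.get("status") == "completed":
                return result
            time.sleep(interval)
        raise TimeoutError(f"analysis {analysis_id} did not complete in time")


def is_malicious(result: dict, score_threshold: int = 70) -> bool:
    """Decision rule on a completed result: the verdict wins, the score is the fallback."""
    return result.get("verdict") == "malicious" or int(result.get("score", 0)) >= score_threshold
```

Typical use is `client = EnclaveClient("https://your-enclave", "your-api-key")`, then `aid = client.submit_file("sample.bin", data, {"timeout": 300, "environment": "windows10"})` followed by `client.wait_for_results(aid)`; the `max_polls` bound keeps a stuck analysis from blocking a pipeline indefinitely.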

# YARA Rules

## Overview

Enclave uses YARA rules to identify malicious patterns in files. This guide explains how to manage and create custom YARA rules.

## Default Rules

Enclave comes with a curated set of YARA rules for:
- Ransomware detection
- Credential stealers
- Banking trojans
- Backdoors
- Cryptominers

## Adding Custom Rules

Place your YARA rules in `/etc/enclave/yara/custom/`:

```yara
rule Suspicious_Behavior {
    meta:
        description = "Detects suspicious behavioral patterns"
        author = "Your Name"
        date = "2024-03-20"

    strings:
        $sus1 = "CreateRemoteThread"
        $sus2 = "VirtualAllocEx"
        $sus3 = "WriteProcessMemory"

    condition:
        uint16(0) == 0x5A4D and   // "MZ" header: only evaluate PE files
        2 of ($sus*)
}
```

## Rule Organization

Organize rules by category:

```text
/etc/enclave/yara/
├── custom/
│   ├── ransomware/
│   ├── trojans/
│   └── miners/
└── default/
```

## Testing Rules

Test your rules against known samples:

```bash
enclave-cli test-rules /path/to/rule.yar /path/to/samples/
```

## Performance Tips

- Prefer fast, specific patterns over generic ones
- Avoid excessive wildcards
- Constrain matches with a file size condition
- Limit the number of strings per rule