1computerguy / tls-mal-detect
Using machine learning to detect malware in encrypted TLS traffic metadata
☆17Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for tls-mal-detect
- A Zeek script to generate features based on timing, volume and metadata for traffic classification.☆53Updated 4 years ago
- A completely automated anomaly detector Zeek network flows files (conn.log).☆74Updated 3 months ago
- nPrint provides a generalizable data representation for network packets that works directly with machine learning techniques☆102Updated 2 years ago
- ☆42Updated 6 years ago
- Pcap-splitter allows you to split a pcap file into subsets of pcap files based on sessions, flows, ip addresses, number of bytes, number …☆63Updated 5 years ago
- A collection of resources for security data☆40Updated 6 years ago
- Official ID2T repository. ID2T creates labeled IT network datasets that contain user defined synthetic attacks.☆57Updated last year
- ☆96Updated 4 years ago
- ☆62Updated 6 years ago
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…☆35Updated 2 years ago
- S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator☆84Updated last year
- PcapMonkey will provide an easy way to analyze pcap using the latest version of Suricata and Zeek.☆144Updated 8 months ago
- DGA Detective - Hunt domains generated by Domain Generation Algorithms to identify malware traffic☆37Updated 3 months ago
- Threat Detection & Anomaly Detection rules for popular open-source components☆50Updated 2 years ago
- ICS Cybersecurity PCAP respository☆49Updated 5 years ago
- The Security Analyst’s Guide to Suricata☆51Updated 5 months ago
- A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the…☆61Updated 2 years ago
- Snorpy is a python script the gives a Gui interface to help those new to snort create rules.☆60Updated 2 months ago
- DoHlyzer is a DNS over HTTPS (DoH) traffic flow generator and analyzer for anomaly detection and characterization.☆57Updated last year
- Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and au…☆63Updated last month
- ☆38Updated 10 months ago
- An awesome list of resources on deception-based security with honeypots and honeytokens☆159Updated last year
- Mapping NSM rules to MITRE ATT&CK☆68Updated 4 years ago
- Download pcap files from http://www.malware-traffic-analysis.net/☆73Updated 6 years ago
- A python app to predict Att&ck tactics and techniques from cyber threat reports☆115Updated 11 months ago
- zeek-scripts☆41Updated 5 years ago
- Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security relate…☆158Updated 11 months ago
- Zeek Training Materials/Products☆35Updated last month
- This tool maps a file's behavior on MITRE ATT&CK matrix.☆57Updated 4 years ago
- 🚨ATTENTION🚨 The VERIS mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here …☆71Updated 7 months ago