SCILabsMX / yaraZeekAlert
This script scans the files extracted by Zeek with the YARA rules located in the rules folder on a Linux-based Zeek sensor. If there is a match, it sends email alerts to the email address specified in the mailTo parameter of the yaraAlert.conf file. The alert includes network context of the file transfer and attaches the suspicious file if it is less tha…
☆59 Updated 9 months ago
Related projects:
- A tool to assess data quality, built on top of the awesome OSSEM. ☆76 Updated 2 years ago
- Repository containing IOCs, CSV and MISP JSON from our blogs ☆78 Updated 3 years ago
- Sigma Detection Rule Repository ☆84 Updated 4 years ago
- S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator ☆83 Updated last year
- YARA rule metadata specification and validation utility / Specification and validation for YARA rules ☆93 Updated 2 weeks ago
- Threat Alert Logic Repository ☆88 Updated 5 years ago
- Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets ☆130 Updated 3 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch. ☆114 Updated 3 years ago
- Collection of useful, up to date, Carbon Black Response Queries ☆82 Updated 3 years ago
- Personal compilation of APT malware from whitepaper releases, documents and own research ☆253 Updated 5 years ago
- Cloud Templates and scripts to deploy mordor environments ☆127 Updated 3 years ago
- Compilation of resources to help with Adversary Simulation automation harness ☆99 Updated 4 years ago
- A Splunk app to use MISP in background ☆109 Updated 8 months ago
- FRAC and RIFT ☆17 Updated 5 years ago
- A website and framework for testing NIDS detection ☆56 Updated 3 years ago
- Mapping NSM rules to MITRE ATT&CK ☆68 Updated 4 years ago
- ATT&CK Evaluations website (DEPRECATED) ☆59 Updated 3 years ago
- Cuckoo running in a nested hypervisor ☆128 Updated 4 years ago
- A repo to document API functions mapped to security events across diverse platforms ☆74 Updated 4 years ago
- A CALDERA plugin for ATT&CK Evaluations Round 1 ☆33 Updated last year
- Log Entry to Sigma Rule Converter ☆105 Updated 2 years ago
- Import specific data sources into the Sigma generic and open signature format. ☆77 Updated 2 years ago
- The new name is DeTT&CT ☆24 Updated 5 years ago
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT) ☆94 Updated 3 months ago
- A Splunk App containing Sigma detection rules, which can be updated from a Git repository. ☆106 Updated 4 years ago
- Research indicators and detection rules ☆67 Updated 11 months ago
- An Unofficial Sysmon Version History (Change Log) ☆32 Updated 3 years ago
- Repository with sample threat hunting notebooks on Security Event Log data sources ☆57 Updated last year