SCILabsMX / yaraZeekAlert
This script scans the files extracted by Zeek with the YARA rules located in the rules folder on a Linux-based Zeek sensor. If there is a match, it sends email alerts to the address specified in the mailTo parameter of the yaraAlert.conf file. The alert includes network context of the file transfer and attaches the suspicious file if it is less tha…
☆61 · Updated last year
Alternatives and similar repositories for yaraZeekAlert:
Users that are interested in yaraZeekAlert are comparing it to the libraries listed below
- Repository containing IOCs, CSV and MISP JSON from our blogs ☆80 · Updated 3 years ago
- Sigma Detection Rule Repository ☆87 · Updated 4 years ago
- A tool to assess data quality, built on top of the awesome OSSEM. ☆76 · Updated 2 years ago
- Cloud Templates and scripts to deploy mordor environments ☆129 · Updated 4 years ago
- S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator ☆85 · Updated 2 years ago
- Web based Manager for Yara Rules ☆57 · Updated 5 years ago
- Mapping NSM rules to MITRE ATT&CK ☆69 · Updated 4 years ago
- Validates yara rules and tries to repair the broken ones. ☆39 · Updated 4 years ago
- Log Entry to Sigma Rule Converter ☆107 · Updated 3 years ago
- Random hunting oriented yara rules ☆95 · Updated last year
- Threat Alert Logic Repository ☆92 · Updated 6 years ago
- Import specific data sources into the Sigma generic and open signature format. ☆77 · Updated 2 years ago
- Collection of useful, up to date, Carbon Black Response Queries ☆83 · Updated 4 years ago
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT) ☆100 · Updated 2 months ago
- A CALDERA plugin for ATT&CK Evaluations Round 1 ☆33 · Updated last year
- Personal compilation of APT malware from whitepaper releases, documents and own research ☆259 · Updated 6 years ago
- A Splunk app to use MISP in background ☆110 · Updated last week
- A YARA Rule Performance Measurement Tool ☆58 · Updated last year
- ☆116 · Updated last year
- Mitre Att&ck Technique Emulation ☆82 · Updated 6 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch. ☆115 · Updated 4 years ago
- A collection of typical false positive indicators ☆55 · Updated 4 years ago
- Proofpoint - Emerging Threats - Threat Research tools + publicly shared intel and documentation ☆72 · Updated 3 months ago
- A collection of my public YARA signatures for various malware families ☆29 · Updated 6 months ago
- Compilation of resources to help with Adversary Simulation automation harness ☆99 · Updated 4 years ago
- ☆78 · Updated 4 years ago
- Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets ☆137 · Updated 4 years ago
- The project was moved here https://github.com/atomic-threat-coverage/atomic-threat-coverage ☆24 · Updated 5 years ago
- A mapping of used malware names to commonly known family names ☆62 · Updated 2 years ago
- The new name is DeTT&CT ☆24 · Updated 5 years ago