This script scans the files extracted by Zeek with YARA rules located on the rules folder on a Linux based Zeek sensor, if there is a match it sends email alerts to the email address specified in the mailTo parameter on yaraAlert.conf file. The alert includes network context of the file transfer and attaches the suspicious file if it is less tha…
☆62Dec 16, 2023Updated 2 years ago
Alternatives and similar repositories for yaraZeekAlert
Users that are interested in yaraZeekAlert are comparing it to the libraries listed below
Sorting:
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for…☆39Aug 18, 2022Updated 3 years ago
- This repository contains various files linked to Operation Shadowhammer as it was originally discovered by Kaspersky Team.☆12Mar 27, 2019Updated 6 years ago
- JoeSandbox-Bro is a simple bro script which extracts files from your internet connection and analyzes them automatically on Joe Sandbox☆44Jun 6, 2019Updated 6 years ago
- A simple way of detecting multithreaded exfiltration in Zeek.☆15May 1, 2025Updated 10 months ago
- ☆98Oct 7, 2020Updated 5 years ago
- Automatically create YARA rules from malicious documents.☆211May 16, 2022Updated 3 years ago
- Yet another rule generator for Yara☆29Jun 6, 2025Updated 8 months ago
- Bro IDS + ELK Stack to detect and block data exfiltration☆46Oct 31, 2018Updated 7 years ago
- Collection of YARA signatures from individual research☆44Nov 20, 2023Updated 2 years ago
- ☆36Jan 11, 2023Updated 3 years ago
- Threat Intelligence with Elastic - Minemeld integration with Elasticsearch☆19May 11, 2021Updated 4 years ago
- Suricata LUA scripts to detect CVE-2019-12255, CVE-2019-12256, CVE-2019-12258, and CVE-2019-12260☆19Nov 28, 2019Updated 6 years ago
- ☆23Dec 15, 2022Updated 3 years ago
- Zeek Analysis Tools (ZAT): Processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark☆449Jan 16, 2024Updated 2 years ago
- Automatic Yara Rule Generation☆333Feb 2, 2016Updated 10 years ago
- ASERT shared scripts for reversing☆32Feb 5, 2018Updated 8 years ago
- Scripts for Bro IDS and ELK Stack☆57Sep 2, 2015Updated 10 years ago
- Extract files from network traffic with Zeek.☆102Mar 17, 2020Updated 5 years ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆208Jul 21, 2022Updated 3 years ago
- The mission of Black Lotus Labs is to leverage our network visibility to both help protect customers and keep the internet clean.☆12Jun 18, 2021Updated 4 years ago
- Various Yara signatures (possibly to be included in a release later).☆87May 23, 2019Updated 6 years ago
- A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the…☆62Nov 26, 2025Updated 3 months ago
- Malware/IOC ingestion and processing engine☆109Nov 20, 2018Updated 7 years ago
- DynamiteNSM is a free Network Security Monitor developed by Dynamite Analytics to enable network visibility and advanced cyber threat det…☆172May 23, 2023Updated 2 years ago
- Random hunting ordiented yara rules☆96Mar 27, 2023Updated 2 years ago
- Are you able to use open source intelligence to solve this challenge?☆11Apr 14, 2019Updated 6 years ago
- A collection of threat intelligence data such as IOC, Yara and Snort/Suricata Rules etc.☆10Sep 17, 2019Updated 6 years ago
- Misc malware stuff☆11Sep 30, 2020Updated 5 years ago
- Ripple20 Critical Vulnerabilities - Detection Logic and Signatures☆12May 28, 2021Updated 4 years ago
- Provides a multi-platform Graphical User Interface for hashlookup☆12Jul 12, 2024Updated last year
- ☆10Dec 24, 2022Updated 3 years ago
- How to Zeek Sysmon Logs!☆103Feb 12, 2022Updated 4 years ago
- Parse wazuh[HIDS] alerts into ECS mapping using Filebeat☆27Jul 21, 2020Updated 5 years ago
- Scripts to detect Fast-Flux and DGA using DNS query responses☆44Jun 7, 2017Updated 8 years ago
- Active C2 IoCs☆99Nov 28, 2022Updated 3 years ago
- A tool to help malware analysts signature unique parts of RTF documents☆28Jan 5, 2026Updated last month
- Zeek package for tracking long connections to report them before they have completed.☆31Nov 25, 2025Updated 3 months ago
- sKaleQL is an opinionated template repository for managing, executing, and organizing Kusto Query Language (KQL) queries against Azure Lo…☆19May 20, 2025Updated 9 months ago
- This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers.☆83Mar 20, 2023Updated 2 years ago