SCILabsMX / yaraZeekAlert
This script scans the files extracted by Zeek with YARA rules located in the rules folder on a Linux-based Zeek sensor; if there is a match, it sends email alerts to the email address specified in the mailTo parameter of the yaraAlert.conf file. The alert includes network context of the file transfer and attaches the suspicious file if it is less tha…
☆61 · Updated last year
Alternatives and similar repositories for yaraZeekAlert:
Users that are interested in yaraZeekAlert are comparing it to the libraries listed below
- A tool to assess data quality, built on top of the awesome OSSEM. ☆77 · Updated 2 years ago
- Repository containing IOCs, CSV and MISP JSON from our blogs ☆81 · Updated 3 years ago
- Sigma Detection Rule Repository ☆87 · Updated 4 years ago
- Collection of YARA signatures from individual research ☆44 · Updated last year
- Cloud Templates and scripts to deploy mordor environments ☆129 · Updated 4 years ago
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT) ☆100 · Updated 3 months ago
- Threat Alert Logic Repository ☆92 · Updated 6 years ago
- Personal compilation of APT malware from whitepaper releases, documents and own research ☆261 · Updated 6 years ago
- Compilation of resources to help with Adversary Simulation automation harness ☆99 · Updated 4 years ago
- Repository with Sample threat hunting notebooks on Security Event Log Data Sources ☆63 · Updated 2 years ago
- Log Entry to Sigma Rule Converter ☆107 · Updated 3 years ago
- Random hunting oriented yara rules ☆95 · Updated 2 years ago
- Mapping NSM rules to MITRE ATT&CK ☆71 · Updated 4 years ago
- Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings ☆123 · Updated 3 years ago
- Simple yara rule manager ☆66 · Updated 2 years ago
- Research indicators and detection rules ☆66 · Updated last year
- All the IOCs I have gathered that are directly involved in coronavirus / covid-19 / SARS-CoV-2 cyber attack campaigns ☆65 · Updated 4 years ago
- Repository of yara rules ☆59 · Updated 2 years ago
- Tool to extract indicators of compromise from security reports in PDF format ☆72 · Updated 10 months ago
- S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator ☆85 · Updated 2 years ago
- Collection of useful, up to date, Carbon Black Response Queries ☆83 · Updated 4 years ago
- A repo to document API functions mapped to security events across diverse platforms ☆75 · Updated 5 years ago
- Validates yara rules and tries to repair the broken ones. ☆39 · Updated 4 years ago
- FRAC and RIFT ☆17 · Updated 6 years ago
- A MITRE Caldera plugin written in Python 3 used to convert Red Canary Atomic Red Team Tests to MITRE Caldera Stockpile YAML ability files… ☆71 · Updated 3 years ago
- Various capabilities for static malware analysis. ☆77 · Updated 7 months ago
- Web based Manager for Yara Rules ☆57 · Updated 5 years ago
- Import specific data sources into the Sigma generic and open signature format. ☆78 · Updated 2 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch. ☆115 · Updated 4 years ago
- Cuckoo Sandbox is an automated dynamic malware analysis system ☆107 · Updated 4 years ago