SCILabsMX / yaraZeekAlert
This script scans the files extracted by Zeek with the YARA rules located in the rules folder on a Linux-based Zeek sensor. If there is a match, it sends email alerts to the email address specified in the mailTo parameter in the yaraAlert.conf file. The alert includes network context of the file transfer and attaches the suspicious file if it is less tha…
☆60 · Updated 11 months ago
Related projects
Alternatives and complementary repositories for yaraZeekAlert
- Repository containing IOCs, CSV and MISP JSON from our blogs☆79Updated 3 years ago
- A tool to assess data quality, built on top of the awesome OSSEM.☆76Updated 2 years ago
- ☆78Updated 4 years ago
- Import specific data sources into the Sigma generic and open signature format.☆77Updated 2 years ago
- Sigma Detection Rule Repository☆85Updated 4 years ago
- Cloud Templates and scripts to deploy mordor environments☆127Updated 3 years ago
- A website and framework for testing NIDS detection☆56Updated 3 years ago
- S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator☆84Updated last year
- Various capabilities for static malware analysis.☆75Updated 2 months ago
- Yara-Endpoint is a tool useful for incident response as well as an anti-malware endpoint based on Yara signatures.☆104Updated 6 years ago
- Random hunting-oriented yara rules☆95Updated last year
- Compilation of resources to help with Adversary Simulation automation harness☆100Updated 4 years ago
- Cuckoo running in a nested hypervisor☆128Updated 4 years ago
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)☆96Updated 5 months ago
- Threat Alert Logic Repository☆89Updated 5 years ago
- Validates yara rules and tries to repair the broken ones.☆39Updated 4 years ago
- Personal compilation of APT malware from whitepaper releases, documents and own research☆255Updated 5 years ago
- Collection of YARA signatures from individual research☆42Updated last year
- Log Entry to Sigma Rule Converter☆105Updated 2 years ago
- Repository with Sample threat hunting notebooks on Security Event Log Data Sources☆58Updated last year
- Collection of useful, up to date, Carbon Black Response Queries☆83Updated 4 years ago
- YARA rule metadata specification and validation utility / Spécification et validation pour les règles YARA☆98Updated 2 months ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch.☆115Updated 4 years ago
- ☆38Updated 10 months ago
- Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets☆132Updated 4 years ago
- Automatically create YARA rules from malicious documents.☆207Updated 2 years ago
- FRAC and RIFT☆17Updated 5 years ago
- Valhalla API Client☆63Updated last year
- A mapping of used malware names to commonly known family names☆61Updated last year
- All the IOC's I have gathered which are used directly involved coronavirus / covid-19 / SARS-CoV-2 cyber attack campaigns☆65Updated 3 years ago