SCILabsMX / yaraZeekAlert
This script scans the files extracted by Zeek with the YARA rules located in the rules folder on a Linux-based Zeek sensor. If there is a match, it sends email alerts to the address specified in the mailTo parameter of the yaraAlert.conf file. The alert includes network context of the file transfer and attaches the suspicious file if it is less tha…
☆62 · Updated 2 years ago
Alternatives and similar repositories for yaraZeekAlert
Users interested in yaraZeekAlert are comparing it to the repositories listed below.
- Repository containing IOCs, CSV and MISP JSON from our blogs ☆83 · Updated 4 years ago
- Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings ☆122 · Updated 4 years ago
- Sigma Detection Rule Repository ☆91 · Updated 5 years ago
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT) ☆103 · Updated 5 months ago
- A tool to assess data quality, built on top of the awesome OSSEM. ☆79 · Updated 3 years ago
- Log Entry to Sigma Rule Converter ☆108 · Updated 3 years ago
- S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator ☆90 · Updated 3 years ago
- Import specific data sources into the Sigma generic and open signature format. ☆79 · Updated 3 years ago
- Collection of YARA signatures from individual research ☆45 · Updated 2 years ago
- Yara-Endpoint is a tool useful for incident response as well as an anti-malware endpoint based on Yara signatures. ☆109 · Updated 7 years ago
- Simple yara rule manager ☆66 · Updated 2 years ago
- Automatically create YARA rules from malicious documents. ☆212 · Updated 3 years ago
- A website and framework for testing NIDS detection ☆57 · Updated 4 years ago
- Research indicators and detection rules ☆67 · Updated 2 years ago
- A collection of typical false positive indicators ☆55 · Updated 5 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch. ☆119 · Updated 5 years ago
- Threat Alert Logic Repository ☆92 · Updated 6 years ago
- Random hunting oriented yara rules ☆98 · Updated 2 years ago
- Personal compilation of APT malware from whitepaper releases, documents and own research ☆267 · Updated 6 years ago
- A mapping of used malware names to commonly known family names ☆62 · Updated 2 years ago
- Web based Manager for Yara Rules ☆58 · Updated 5 years ago
- FRAC and RIFT ☆17 · Updated 6 years ago
- A YARA Rule Performance Measurement Tool ☆61 · Updated last year
- Repository with sample threat hunting notebooks on Security Event Log data sources ☆69 · Updated 3 years ago
- Mapping NSM rules to MITRE ATT&CK ☆73 · Updated 5 years ago
- A Splunk App containing Sigma detection rules, which can be updated from a Git repository. ☆111 · Updated 5 years ago
- Set of Yara rules for finding files using magic headers ☆140 · Updated 5 years ago