SCILabsMX / yaraZeekAlert
This script scans the files extracted by Zeek with the YARA rules located in the rules folder on a Linux-based Zeek sensor. If there is a match, it sends email alerts to the email address specified in the mailTo parameter of the yaraAlert.conf file. The alert includes network context of the file transfer and attaches the suspicious file if it is less tha…
☆62 · Updated last year
Alternatives and similar repositories for yaraZeekAlert
Users that are interested in yaraZeekAlert are comparing it to the libraries listed below
- S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator ☆87 · Updated 2 years ago
- A tool to assess data quality, built on top of the awesome OSSEM. ☆78 · Updated 3 years ago
- Import specific data sources into the Sigma generic and open signature format. ☆78 · Updated 3 years ago
- Sigma Detection Rule Repository ☆89 · Updated 5 years ago
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT) ☆102 · Updated 3 weeks ago
- Log Entry to Sigma Rule Converter ☆108 · Updated 3 years ago
- Cloud Templates and scripts to deploy mordor environments ☆129 · Updated 4 years ago
- Repository containing IOCs, CSV and MISP JSON from our blogs ☆81 · Updated 3 years ago
- Repository with sample threat hunting notebooks on Security Event Log data sources ☆65 · Updated 2 years ago
- Automatically create YARA rules from malicious documents. ☆211 · Updated 3 years ago
- Threat Alert Logic Repository ☆92 · Updated 6 years ago
- A lightweight tool to load Windows Event Log evtx files into Elasticsearch. ☆117 · Updated 4 years ago
- FRAC and RIFT ☆17 · Updated 6 years ago
- Simple yara rule manager ☆66 · Updated 2 years ago
- A collection of typical false positive indicators ☆55 · Updated 4 years ago
- Collection of useful, up to date, Carbon Black Response queries ☆84 · Updated 4 years ago
- All the IOCs I have gathered that are directly involved in coronavirus / covid-19 / SARS-CoV-2 cyber attack campaigns ☆65 · Updated 4 years ago
- Primary data pipelines for intrusion detection, security analytics and threat hunting ☆87 · Updated 3 years ago
- A Splunk App containing Sigma detection rules, which can be updated from a Git repository. ☆110 · Updated 5 years ago
- Research indicators and detection rules ☆67 · Updated last year
- The project was moved here: https://github.com/atomic-threat-coverage/atomic-threat-coverage ☆25 · Updated 5 years ago
- A Splunk app to use MISP in background ☆111 · Updated 2 months ago
- Mapping NSM rules to MITRE ATT&CK ☆71 · Updated 4 years ago
- A website and framework for testing NIDS detection ☆57 · Updated 3 years ago
- A YARA Rule Performance Measurement Tool ☆59 · Updated last year
- Random hunting-oriented yara rules ☆97 · Updated 2 years ago
- Compilation of resources to help with Adversary Simulation automation harness ☆100 · Updated 4 years ago
- Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets ☆139 · Updated 4 years ago
- This repository contains all public indicators identified by 401trg during the course of our investigations. It also includes relevant ya… ☆122 · Updated 4 years ago
- A community event for security researchers to share their favorite notebooks ☆108 · Updated last year