SCILabsMX / yaraZeekAlertLinks
This script scans the files extracted by Zeek with YARA rules located in the rules folder on a Linux-based Zeek sensor; if there is a match, it sends email alerts to the email address specified in the mailTo parameter in the yaraAlert.conf file. The alert includes network context of the file transfer and attaches the suspicious file if it is less tha…
☆62Updated last year
Alternatives and similar repositories for yaraZeekAlert
Users that are interested in yaraZeekAlert are comparing it to the libraries listed below
- A tool to assess data quality, built on top of the awesome OSSEM.☆78Updated 2 years ago
- Sigma Detection Rule Repository☆88Updated 5 years ago
- Repository containing IOCs, CSV and MISP JSON from our blogs☆81Updated 3 years ago
- Cloud Templates and scripts to deploy mordor environments☆129Updated 4 years ago
- Import specific data sources into the Sigma generic and open signature format.☆78Updated 3 years ago
- Log Entry to Sigma Rule Converter☆108Updated 3 years ago
- All the IOCs I have gathered that are directly involved in coronavirus / covid-19 / SARS-CoV-2 cyber attack campaigns☆65Updated 4 years ago
- Compilation of resources to help with Adversary Simulation automation harness☆100Updated 4 years ago
- A website and framework for testing NIDS detection☆57Updated 3 years ago
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)☆102Updated 2 weeks ago
- S2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator☆87Updated 2 years ago
- Yara-Endpoint is a tool useful for incident response as well as an anti-malware endpoint based on Yara signatures.☆109Updated 7 years ago
- Threat Alert Logic Repository☆92Updated 6 years ago
- References for FIRST CTI 2019 Symposium presentation☆22Updated 6 years ago
- Mapping NSM rules to MITRE ATT&CK☆71Updated 4 years ago
- Mapping your datasources and detections to the MITRE ATT&CK Navigator framework.☆58Updated 5 years ago
- Web based Manager for Yara Rules☆58Updated 5 years ago
- The new name is DeTT&CT☆24Updated 5 years ago
- Imports Alienvault OTX pulses to a MISP instance☆53Updated 3 years ago
- A Splunk app to use MISP in background☆110Updated 3 weeks ago
- A CALDERA plugin for ATT&CK Evaluations Round 1☆33Updated last year
- ATT&CK Evaluations website (DEPRECATED)☆59Updated 4 years ago
- A MITRE Caldera plugin written in Python 3 used to convert Red Canary Atomic Red Team Tests to MITRE Caldera Stockpile YAML ability files…☆71Updated 3 years ago
- A community event for security researchers to share their favorite notebooks☆107Updated last year
- Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings☆122Updated 3 years ago
- Repository for my ATT&CK analysis research.☆69Updated 6 years ago
- Tool to extract indicators of compromise from security reports in PDF format☆72Updated last year
- Collection of useful, up to date, Carbon Black Response Queries☆83Updated 4 years ago
- Personal compilation of APT malware from whitepaper releases, documents and own research☆260Updated 6 years ago