This script scans the files extracted by Zeek with YARA rules located on the rules folder on a Linux based Zeek sensor, if there is a match it sends email alerts to the email address specified in the mailTo parameter on yaraAlert.conf file. The alert includes network context of the file transfer and attaches the suspicious file if it is less tha…
☆62 · Dec 16, 2023 · Updated 2 years ago
Alternatives and similar repositories for yaraZeekAlert
Users that are interested in yaraZeekAlert are comparing it to the libraries listed below
- This repository contains various files linked to Operation Shadowhammer as it was originally discovered by Kaspersky Team. (☆12 · Mar 27, 2019 · Updated 6 years ago)
- (no description) (☆98 · Oct 7, 2020 · Updated 5 years ago)
- Automatically create YARA rules from malicious documents. (☆211 · May 16, 2022 · Updated 3 years ago)
- A Python application to filter and transfer Zeek logs to Elastic/OpenSearch+Humio. This app can also output pure JSON logs to stdout for… (☆39 · Aug 18, 2022 · Updated 3 years ago)
- (no description) (☆23 · Dec 15, 2022 · Updated 3 years ago)
- JoeSandbox-Bro is a simple Bro script which extracts files from your internet connection and analyzes them automatically on Joe Sandbox. (☆44 · Jun 6, 2019 · Updated 6 years ago)
- Yet another rule generator for YARA. (☆29 · Jun 6, 2025 · Updated 9 months ago)
- Extract files from network traffic with Zeek. (☆102 · Mar 17, 2020 · Updated 6 years ago)
- Bro IDS + ELK Stack to detect and block data exfiltration. (☆46 · Oct 31, 2018 · Updated 7 years ago)
- Random hunting-oriented YARA rules. (☆96 · Mar 27, 2023 · Updated 2 years ago)
- ASERT shared scripts for reversing. (☆32 · Feb 5, 2018 · Updated 8 years ago)
- Automatic YARA rule generation. (☆333 · Feb 2, 2016 · Updated 10 years ago)
- A simple way of detecting multithreaded exfiltration in Zeek. (☆15 · May 1, 2025 · Updated 10 months ago)
- Various YARA signatures (possibly to be included in a release later). (☆87 · May 23, 2019 · Updated 6 years ago)
- Tornado demo vulnerable application to test a SQL injection vulnerability and patch it using RASP (Runtime Application Self-Protection). (☆11 · Nov 15, 2017 · Updated 8 years ago)
- Collection of YARA signatures from individual research. (☆44 · Nov 20, 2023 · Updated 2 years ago)
- Plugin for Zeek/Bro which provides an HTTP/2 decoder/analyzer. (☆30 · Jun 11, 2024 · Updated last year)
- Ripple20 critical vulnerabilities: detection logic and signatures. (☆12 · May 28, 2021 · Updated 4 years ago)
- Misc malware stuff. (☆11 · Sep 30, 2020 · Updated 5 years ago)
- Sentinel Guard: build a honeypot and honeynet with zero cost, easily and simply. (☆18 · Jul 25, 2021 · Updated 4 years ago)
- Zeek Analysis Tools (ZAT): processing and analysis of Zeek network data with Pandas, scikit-learn, Kafka and Spark. (☆451 · Updated this week)
- Zeek package for tracking long connections to report them before they have completed. (☆31 · Nov 25, 2025 · Updated 3 months ago)
- (no description) (☆19 · Sep 21, 2020 · Updated 5 years ago)
- Malware/IOC ingestion and processing engine. (☆110 · Nov 20, 2018 · Updated 7 years ago)
- Kaspersky's GReAT KLara. (☆733 · Jul 24, 2024 · Updated last year)
- Active C2 IoCs. (☆99 · Nov 28, 2022 · Updated 3 years ago)
- Suricata Lua scripts to detect CVE-2019-12255, CVE-2019-12256, CVE-2019-12258, and CVE-2019-12260. (☆19 · Nov 28, 2019 · Updated 6 years ago)
- A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the… (☆62 · Nov 26, 2025 · Updated 3 months ago)
- (no description) (☆10 · Dec 24, 2022 · Updated 3 years ago)
- An extendable tool to extract and aggregate IoCs from threat feeds. (☆33 · Feb 6, 2024 · Updated 2 years ago)
- (no description) (☆36 · Jan 11, 2023 · Updated 3 years ago)
- zeek-scripts (☆44 · Dec 27, 2018 · Updated 7 years ago)
- IDA Python plugin to scan a binary with YARA rules. (☆181 · Jan 30, 2024 · Updated 2 years ago)
- Zeek-formatted threat intelligence feeds. (☆390 · Updated this week)
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with an improved scoring algorithm. (☆209 · Jul 21, 2022 · Updated 3 years ago)
- Yara-Endpoint is a tool useful for incident response as well as an anti-malware endpoint based on YARA signatures. (☆108 · Mar 13, 2018 · Updated 8 years ago)
- IOCs from articles and tweets, kept for archives. (☆318 · Dec 12, 2023 · Updated 2 years ago)
- Set of YARA rules for finding files using magic headers. (☆142 · Sep 8, 2020 · Updated 5 years ago)
- Toolset for researching malware and Cobalt Strike beacons. (☆211 · Mar 11, 2025 · Updated last year)