Alternatives and similar repositories for cti

Users that are interested in cti are comparing it to the libraries listed below

• u-siem / u-siem-core
  Framework definitions that allow to build a custom SIEM.
  ☆27Updated 8 months ago
• puffyCid / artemis
  A cross platform forensic parser written in Rust!
  ☆83Updated this week
• Hugal31 / yara-rust
  Rust bindings for VirusTotal/Yara
  ☆76Updated 3 months ago
• jopohl / sigma-rust
  A Rust library for parsing and evaluating Sigma rules
  ☆12Updated 3 weeks ago
• vthib / boreal
  Safe and performant YARA rules evaluator in Rust
  ☆60Updated this week
• WithSecureLabs / tau-engine
  A document tagging library
  ☆30Updated 2 months ago
• marirs / capa-rs
  File Capability Extractor
  ☆13Updated 2 months ago
• avast / yarang
  Alternative YARA scanning engine
  ☆70Updated 2 years ago
• marirs / sigma-convert
  Convert Sigma Rules to different formats
  ☆11Updated 9 months ago
• rusticata / pcap-analyzer
  PAL (Pcap Analysis Library)
  ☆100Updated 6 months ago
• malwaredb / malwaredb-rs
  MalwareDB: bookkeeping for malware, goodware, and unknown files with relationship discovery
  ☆46Updated this week
• sebdraven / IOCmite
  Create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert
  ☆36Updated 2 years ago
• hashlookup / poppy
  Rust implementation of the DCSO Bloom filter
  ☆28Updated 2 months ago
• hashlookup / private-search-set
  Private Search Set (PSS) is an extension to standard Bloom filter or a standalone hash file to describe and share private set.
  ☆16Updated 4 months ago
• erichutchins / geoipsed
  Fast, inline geolocation decoration of IPv4 and IPv6 addresses written in Rust
  ☆27Updated last year
• rapid7 / resynth
  A network packet synthesis language
  ☆20Updated 3 weeks ago
• Center-Sun / suricata-kafka-output
  provides a Suricata Eve output for Kafka with Suricate Eve plugin
  ☆14Updated 3 years ago
• DevoInc / sightingdb
  Sighting DB is designed to scale writing and reading a count of attributes, tracking when if was first and last seen
  ☆16Updated last year
• mmguero-dev / Malcolm-PCAP
  This repository has been archived in favor of https://github.com/idaholab/Malcolm-Test-Artifacts
  ☆36Updated 5 months ago
• redcanaryco / oxidebpf
  A Rust library for managing eBPF programs.
  ☆120Updated last year
• cea-sec / openwec
  An implementation of a Windows Event Collector server running on GNU/Linux.
  ☆72Updated last month
• jasonish / suricatax-rule-parser-rs
  ☆11Updated last week
• bartnv / portlurker
  Port listener / honeypot in Rust with protocol guessing and safe string display
  ☆34Updated last month
• elastic / siglearn
  Code for BH21 talk: "Generating YARA Rules by Classifying Malicious Byte Sequences"
  ☆17Updated 4 months ago
• exein-io / kepler
  NIST-based CVE lookup store and API powered by Rust.
  ☆130Updated this week
• SecSamDev / sysmon-arangodb
  Threat hunting with Sysmon and ArangoDB Graphs
  ☆11Updated 5 years ago
• rusticata / kerberos-parser
  Kerberos parser written in rust with nom
  ☆15Updated 2 months ago
• avast / yari
  YARI is an interactive debugger for YARA Language.
  ☆88Updated 4 months ago
• CERT-Polska / ursadb
  Trigram database written in C++, suited for malware indexing
  ☆125Updated 7 months ago
• stricaud / sightingdb
  SightingDB is a database for Sightings
  ☆22Updated last year