TedDriggs / cti

Related projects ⓘ

Alternatives and complementary repositories for cti

• u-siem / u-siem-core
  Framework definitions that allow to build a custom SIEM.
  ☆25Updated last month
• puffyCid / artemis
  A cross platform forensic parser written in Rust!
  ☆67Updated last week
• malwaredb / malwaredb-rs
  MalwareDB: bookkeeping for malware, goodware, and unknown files with relationship discovery
  ☆32Updated this week
• marirs / capa-rs
  File Capability Extractor
  ☆12Updated last week
• Hugal31 / yara-rust
  Rust bindings for VirusTotal/Yara
  ☆77Updated last month
• WithSecureLabs / tau-engine
  A document tagging library
  ☆29Updated last year
• vthib / boreal
  Safe and performant YARA rules evaluator in Rust
  ☆45Updated last month
• sebdraven / IOCmite
  Create dataset for suricata with indicators of MISP instances and add sightings in MISP if an indicator of dataset generates an alert
  ☆37Updated 2 years ago
• Center-Sun / suricata-kafka-output
  provides a Suricata Eve output for Kafka with Suricate Eve plugin
  ☆14Updated 2 years ago
• avast / yarang
  Alternative YARA scanning engine
  ☆67Updated 2 years ago
• hashlookup / private-search-set
  Private Search Set (PSS) is an extension to standard Bloom filter or a standalone hash file to describe and share private set.
  ☆16Updated 7 months ago
• mitre / atomic
  A MITRE Caldera plugin
  ☆38Updated this week
• cyentific-rni / security-playbook-stix-misp-exchange
  This repository includes a mapping table and a reference process that allows converting between STIX 2.1 Course of Action objects that ma…
  ☆15Updated 2 years ago
• Neo23x0 / Loki2
  LOKI2 - Simple IOC and YARA Scanner
  ☆80Updated 3 months ago
• exein-io / kepler
  NIST-based CVE lookup store and API powered by Rust.
  ☆126Updated 3 weeks ago
• hashlookup / poppy
  Rust implementation of the DCSO Bloom filter
  ☆26Updated last month
• omerbenamram / pyevtx-rs
  Python bindings for https://github.com/omerbenamram/evtx/
  ☆49Updated 2 weeks ago
• erichutchins / geoipsed
  Fast, inline geolocation decoration of IPv4 and IPv6 addresses written in Rust
  ☆25Updated 10 months ago
• flowintel / flowintel
  An open source platform to support analysts to organise their case and tasks
  ☆55Updated this week
• mmguero-dev / Malcolm-PCAP
  A set of PCAPs used to test the parsers used by Malcolm. Also, a curated list of PCAP collections I've found online.
  ☆32Updated this week
• omerbenamram / mft
  A parser for the MFT (Master File Table) format
  ☆128Updated last year
• n4r1b / ferrisetw
  Basically a KrabsETW rip-off written in Rust
  ☆65Updated 3 months ago
• MISP / SkillAegis
  SkillAegis is a platform to design, run, and monitor exercise scenarios, enhancing skills in applications like MISP and training users in…
  ☆14Updated this week
• WhiteBeamSec / WhiteBeam
  WhiteBeam: Transparent endpoint security
  ☆96Updated last year
• StamusNetworks / suricata-language-server
  Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and au…
  ☆64Updated last week
• redcanaryco / oxidebpf
  A Rust library for managing eBPF programs.
  ☆116Updated 8 months ago
• dfir-dd / dionysos
  Scanner for certain IoCs
  ☆11Updated 7 months ago
• bradleyjkemp / sigma-go
  A Go implementation and parser for Sigma rules.
  ☆84Updated 2 months ago