vmware-archive / cbsensor-linux-kmodLinks
Linux Kernel module for Carbon Black EDR
☆12Updated 4 years ago
Alternatives and similar repositories for cbsensor-linux-kmod
Users that are interested in cbsensor-linux-kmod are comparing it to the libraries listed below
Sorting:
- Linux endpoint events for BPF enabled systems☆24Updated 2 years ago
- Parse YARA rules and operate over them more easily.☆191Updated 7 months ago
- Tools for parsing rulesets using the exact grammar as YARA. Written in Go.☆85Updated 2 years ago
- ☆60Updated 4 years ago
- This project is no longer maintained. There's a successor at https://github.com/zeek/zeek-agent-v2☆123Updated 4 years ago
- Automatically generate AV byte signatures from sets of similar binaries.☆279Updated 9 months ago
- ☆44Updated 7 years ago
- Yara powered NIDS with high speed packet capture powered by PF_RING☆69Updated last year
- The Linux port of the Sysinternals Sysmon tool.☆276Updated this week
- Trigram database written in C++, suited for malware indexing☆127Updated 11 months ago
- ☆97Updated 4 years ago
- Red Canary's eBPF Sensor☆109Updated 3 months ago
- Suricata Verification Tests - Testing Suricata Output☆116Updated last week
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆215Updated 6 years ago
- Automated Yara Rule generation using Biclustering☆71Updated 4 years ago
- simple YARA-based IOC scanner☆169Updated last month
- A mapping of used malware names to commonly known family names☆62Updated 2 years ago
- Ixia ATI team open source or generally public material. Anything added here MUST be approved by Ixia Management.☆66Updated 6 years ago
- Malice AntiVirus Plugins☆116Updated 6 years ago
- gyp: A pure Go YARA parser☆106Updated last year
- x86 emulation and shellcode detection☆153Updated last year
- YaGo, converting Yara rules into JSON files.☆53Updated 6 years ago
- How to Zeek Sysmon Logs!☆102Updated 3 years ago
- This repository will hold PCAP IOC data related with known malware samples (owner: Bryant Smith)☆107Updated 4 years ago
- Symbol hash for ELF files☆112Updated 3 years ago
- ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.☆117Updated 2 years ago
- Library and tools to access the Windows Event Log (EVT) format☆60Updated last year
- ETW Python Library☆290Updated 2 years ago
- Plugin providing AF_XDP support for Bro.☆14Updated 4 years ago
- Parsing of YARA rules into AST and building new rulesets in C++.☆127Updated 2 weeks ago