GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → KasperskyLab → Klara

KasperskyLab / Klara

Licence: other
Kaspersky's GReAT KLara

Labels

threat-huntingthreat-intelligence

Projects that are alternatives of or similar to Klara

Threatingestor
Extract and aggregate threat intelligence.
Stars: ✭ 439 (-22.3%)
Mutual labels:  threat-hunting, threat-intelligence
AutonomousThreatSweep
Threat Hunting queries for various attacks
Stars: ✭ 70 (-87.61%)
Mutual labels:  threat-hunting, threat-intelligence
sqhunter
A simple threat hunting tool based on osquery, Salt Open and Cymon API
Stars: ✭ 64 (-88.67%)
Mutual labels:  threat-hunting, threat-intelligence
Misp
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Stars: ✭ 3,485 (+516.81%)
Mutual labels:  threat-hunting, threat-intelligence
Misp Galaxy
Clusters and elements to attach to MISP events or attributes (like threat actors)
Stars: ✭ 276 (-51.15%)
Mutual labels:  threat-hunting, threat-intelligence
MindMaps
#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (-60.35%)
Mutual labels:  threat-hunting, threat-intelligence
Stalkphish
StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
Stars: ✭ 256 (-54.69%)
Mutual labels:  threat-hunting, threat-intelligence
malware-persistence
Collection of malware persistence and hunting information. Be a persistent persistence hunter!
Stars: ✭ 109 (-80.71%)
Mutual labels:  threat-hunting, threat-intelligence
Patrowlmanager
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-35.75%)
Mutual labels:  threat-hunting, threat-intelligence
IronNetTR
Threat research and reporting from IronNet's Threat Research Teams
Stars: ✭ 36 (-93.63%)
Mutual labels:  threat-hunting, threat-intelligence
Azure-Sentinel-4-SecOps
Microsoft Sentinel SOC Operations
Stars: ✭ 140 (-75.22%)
Mutual labels:  threat-hunting, threat-intelligence
pybinaryedge
Python 3 Wrapper for the BinaryEdge API https://www.binaryedge.io/
Stars: ✭ 16 (-97.17%)
Mutual labels:  threat-hunting, threat-intelligence
censys-recon-ng
recon-ng modules for Censys
Stars: ✭ 29 (-94.87%)
Mutual labels:  threat-hunting, threat-intelligence
Dnstwist
Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
Stars: ✭ 3,124 (+452.92%)
Mutual labels:  threat-hunting, threat-intelligence
SSHapendoes
Capture passwords of login attempts on non-existent and disabled accounts.
Stars: ✭ 31 (-94.51%)
Mutual labels:  threat-hunting, threat-intelligence
Scrummage
The Ultimate OSINT and Threat Hunting Framework
Stars: ✭ 355 (-37.17%)
Mutual labels:  threat-hunting, threat-intelligence
ThreatIntelligence
Tracking APT IOCs
Stars: ✭ 23 (-95.93%)
Mutual labels:  threat-hunting, threat-intelligence
Malware-Sample-Sources
Malware Sample Sources
Stars: ✭ 214 (-62.12%)
Mutual labels:  threat-hunting, threat-intelligence
YAFRA
YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (-96.11%)
Mutual labels:  threat-hunting, threat-intelligence
OSINT-Brazuca
Repositório criado com intuito de reunir informações, fontes(websites/portais) e tricks de OSINT dentro do contexto Brasil.
Stars: ✭ 508 (-10.09%)
Mutual labels:  threat-hunting, threat-intelligence
View All Similar Projects ➔

GReAT's KLara project

KLara project is aimed at helping Threat Intelligence researchers hunt for new malware using Yara.

In order to hunt efficiently for malware, one needs a large collection of samples to search over. Researchers usually need to fire a Yara rule over a collection / set of malicious files and then get the results back. In some cases, the rule needs adjusting. Unfortunately, scanning a large collection of files takes time. Instead, if a custom architecture is used, scanning 10TB of files can take around 30 minutes.

KLara, a distributed system written in Python, allows researchers to scan one or more Yara rules over collections with samples, getting notifications by e-mail as well as the web interface when scan results are ready.

Features

  • Modern web interface, allowing researchers to "fire and forget" their rules, getting back results by e-mail / API
  • Powerful API, allowing for automatic Yara jobs submissions, checking their status and getting back results. API Documentation will be released soon.
  • Distributed system, running on commodity hardware, easy to deploy and implement.

Architecture

KLara leverages Yara's power, distributing scans using a dispatcher-worker model. Each worker server connects to a dispatcher trying to check if new jobs are available. If a new job is indeed available, it checks to see if the required scan repository is available on its own filesystem and, if it is, it will start the Yara scan with the rules submitted by the researcher

The main issue KLara tries to solve is running Yara jobs over a large collection of malware samples ( > 1TB) in a reasonable amount of time.

Installing KLara

Please refer to instructions outlined here

======

If you have any issues with installing this software, please submit a bug report

Contributing and reporting issues

Anyone is welcome to contribute. Please submit a PR and our team will review it.

You can get in touch with us on our Telegram channel: #KLara

The best way to submit bugs or issues is using Github's Issues feature.

Credits

KLara team would like to thank

  • Costin, Marco, Vitaly, Sergey
  • Current, former and future GReAT members!
  • [email protected]
  • All contributors

for their amazing input and ideas. Happy hunting!

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].