S1EMThis project is a SIEM with SIRP and Threat Intel, all in one.
Stars: ✭ 270 (+831.03%)
HamburglarHamburglar -- collect useful information from urls, directories, and files
Stars: ✭ 321 (+1006.9%)
YaraSyntaxYARA package for Sublime Text
Stars: ✭ 15 (-48.28%)
python-icap-yaraAn ICAP Server with yara scanner for URL and content.
Stars: ✭ 50 (+72.41%)
nsm-attackMapping NSM rules to MITRE ATT&CK
Stars: ✭ 53 (+82.76%)
StoqAn open source framework for enterprise level automated analysis.
Stars: ✭ 352 (+1113.79%)
brimcapConvert pcap files into richly-typed ZNG summary logs (Zeek, Suricata, and more)
Stars: ✭ 22 (-24.14%)
MultiscannerModular file scanning/analysis framework
Stars: ✭ 494 (+1603.45%)
Freki🐺 Malware analysis platform
Stars: ✭ 285 (+882.76%)
HyaraYara rule making tool (IDA Pro & Binary Ninja & Cutter Plugin)
Stars: ✭ 142 (+389.66%)
MeltingPotA tool to cluster similar executables (PEs, DEXs, and etc), extract common signature, and generate Yara patterns for malware detection.
Stars: ✭ 23 (-20.69%)
StrelkaReal-time, container-based file scanning at enterprise scale
Stars: ✭ 387 (+1234.48%)
yaramanagerSimple yara rule manager
Stars: ✭ 60 (+106.9%)
QnsmQNSM is network security monitoring framework based on DPDK.
Stars: ✭ 334 (+1051.72%)
factual-rules-generatorFactual-rules-generator is an open source project which aims to generate YARA rules about installed software from a machine.
Stars: ✭ 62 (+113.79%)
Ghidra scriptsScripts for the Ghidra software reverse engineering suite.
Stars: ✭ 732 (+2424.14%)
altprobecollector for XDR and security posture service
Stars: ✭ 62 (+113.79%)
EveboxWeb Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
Stars: ✭ 286 (+886.21%)
TheBriarPatchAn extremely crude, lightweight Web Frontend for Suricata/Bro to be used with BriarIDS
Stars: ✭ 21 (-27.59%)
PeframePEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.
Stars: ✭ 472 (+1527.59%)
MqueryYARA malware query accelerator (web frontend)
Stars: ✭ 264 (+810.34%)
YaraSharpC# wrapper around the Yara pattern matching library
Stars: ✭ 29 (+0%)
detectionDetection in the form of Yara, Snort and ClamAV signatures.
Stars: ✭ 70 (+141.38%)
yarasploitYaraSploit is a collection of Yara rules generated from Metasploit framework shellcodes.
Stars: ✭ 31 (+6.9%)
Suricata RulesSuricata IDS rules 用来检测红队渗透/恶意行为等,支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等
Stars: ✭ 397 (+1268.97%)
yara-rulesYara rules written by me, for free use.
Stars: ✭ 13 (-55.17%)
static file analysisAnalysis of file (doc, pdf, exe, ...) in deep (emmbedded file(s)) with clamscan and yara rules
Stars: ✭ 34 (+17.24%)
Yara PythonThe Python interface for YARA
Stars: ✭ 368 (+1168.97%)
gonidsgonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that you can join on Google Groups: https://groups.google.com/forum/#!topic/gonids/
Stars: ✭ 140 (+382.76%)
YargenyarGen is a generator for YARA rules
Stars: ✭ 795 (+2641.38%)
apooxmlGenerate YARA rules for OOXML documents.
Stars: ✭ 34 (+17.24%)
PulledporkPulled Pork for Snort and Suricata rule management (from Google code)
Stars: ✭ 339 (+1068.97%)
ThreatKBKnowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)
Stars: ✭ 68 (+134.48%)
Icewater16,432 Free Yara rules created by
Stars: ✭ 324 (+1017.24%)
vagrant-idsAn Ubuntu 16.04 build containing Suricata, PulledPork, Bro, and Splunk
Stars: ✭ 21 (-27.59%)
DidierstevenssuitePlease no pull requests for this repository. Thanks!
Stars: ✭ 856 (+2851.72%)
FunnelFunnel is a lightweight yara-based feed scraper
Stars: ✭ 38 (+31.03%)
Python IocextractDefanged Indicator of Compromise (IOC) Extractor.
Stars: ✭ 300 (+934.48%)
yara-rustRust bindings for VirusTotal/Yara
Stars: ✭ 35 (+20.69%)
YaraThe pattern matching swiss knife
Stars: ✭ 5,209 (+17862.07%)
swisscheeseExploits for YARA 3.7.1 & 3.8.1
Stars: ✭ 26 (-10.34%)
Yara RulesRepository of YARA rules made by McAfee ATR Team
Stars: ✭ 283 (+875.86%)
rdppotRDP honeypot
Stars: ✭ 55 (+89.66%)
SelksA Suricata based IDS/IPS distro
Stars: ✭ 707 (+2337.93%)
yara-validatorValidates yara rules and tries to repair the broken ones.
Stars: ✭ 37 (+27.59%)
S2ANS2AN - Mapper of Sigma/Suricata Rules/Signatures ➡️ MITRE ATT&CK Navigator
Stars: ✭ 70 (+141.38%)
ThreatingestorExtract and aggregate threat intelligence.
Stars: ✭ 439 (+1413.79%)
moleYara powered NIDS with high speed packet capture powered by PF_RING
Stars: ✭ 51 (+75.86%)
YobiYara Based Detection Engine for web browsers
Stars: ✭ 39 (+34.48%)
IocsIoC's, PCRE's, YARA's etc
Stars: ✭ 15 (-48.28%)
Holmes TotemInvestigation Planner for fast running analysis with predictable execution time. For example, static analysis.
Stars: ✭ 25 (-13.79%)
ManalyzeA static analyzer for PE executables.
Stars: ✭ 701 (+2317.24%)
SciriusScirius is a web application for Suricata ruleset management.
Stars: ✭ 435 (+1400%)