205 Open source projects that are alternatives of or similar to Yara Endpoint

A simple many-rules to many-files YARA scanner for incident response or malware zoos.

Exporting MISP event attributes to yara rules usable with Thor apt scanner

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

Wazuh - Chef cookbooks

Extract and aggregate threat intelligence.

FAME Automates Malware Evaluation

Operation Wocao - Indicators of Compromise

Modular file scanning/analysis framework

An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree view.

The Python interface for YARA

A curated list of Site Reliability and Production Engineering resources.

Information gathering & website reconnaissance | https://phishstats.info/

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

An extendable, tabbed, dockable UI widget plugin for BinaryNinja https://binary.ninja.

A list of cyber-chef recipes and curated links

PS / Bash / Python / Other scripts For FUN!

OPCDE Cybersecurity Conference Materials

PagerDuty's Incident Response Documentation.

A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

Python API Client for Cortex

An open source framework for enterprise level automated analysis.

Maltego CaseFile entities for information security investigations, malware analysis and incident response

16,432 Free Yara rules created by

A static analyzer for PE executables.

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Digging Deeper....

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

Cortex: a Powerful Observable Analysis and Active Response Engine

A role-playing game for incident management training

DIE engine

Indicators of Compromises (IOC) of our various investigations

A repository for using osquery for incident detection and response

Balbuzard is a package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). It can also crack malware obfuscation such as XOR, ROL, etc by bruteforcing and checking for those patterns.

Open source incident management and response platform.

IoC's, PCRE's, YARA's etc

CLI tool to analyze PE files

The pattern matching swiss knife

Please no pull requests for this repository. Thanks!

PEframe is a open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.

Explore Indicators of Compromise Automatically

A curated list of tools for incident response

Investigation Planner for fast running analysis with predictable execution time. For example, static analysis.

Real-time, container-based file scanning at enterprise scale

incident response tool for iOS devices

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

yarGen is a generator for YARA rules

Documentation of TheHive

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

Scripts for the Ghidra software reverse engineering suite.

Hamburglar -- collect useful information from urls, directories, and files

Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android

Wazuh - Ruleset

Guidance for mitigation web shells. #nsacyber

A Web Malware Scanner

Trigram database written in C++, suited for malware indexing

Various Yara signatures (possibly to be included in a release later).