
Detection and Hunting Signatures

Free

A set of interrelated network and host detection rules with the aim of improving detection and hunting visibility and context. Where applicable, each Snort rule includes metadata indicating the corresponding Yara and ClamAV rules, each Yara signature includes metadata pointing to the corresponding Snort and ClamAV rules, and so on.

Supported Rules: Currently, Snort 3, Yara and ClamAV rules are supported. Additional signatures and formats are a work in progress.

Scripts: Currently, the only scripts available are those used to aid in auto-generation of hash-based and certificate-based Yara rules.


ALTERNATIVES

DenyHosts is a script to block SSH server attacks by automatically preventing attackers after failed login attempts.

A powerful and extensible framework for reconnaissance and attacking various networks and devices.

Python module for fast packet parsing with TCP/IP protocol definitions.

Provides AI-driven cybersecurity solutions including assessments, training, compliance services, and insurance audits to help organizations reduce risk and build a security-aware culture.

Automated signature creation using honeypots for network intrusion detection systems.

A free, open-source network protocol analyzer for capturing and displaying packet-level data.

A tool for extracting files from network traffic based on file signatures with support for various file formats and scalable search algorithm.

A high-level C++ library for creating and decoding network packets with a Scapy-like interface.