
Detection and Hunting Signatures

Free

A set of interrelated network and host detection rules with the aim of improving detection and hunting visibility and context. Where applicable, each Snort rule includes metadata indicating the corresponding Yara and ClamAV rules, each Yara signature includes metadata pointing to the corresponding Snort and ClamAV rules, and so on.

Supported Rules

Currently, Snort 3, Yara and ClamAV rules are supported. Additional signatures and formats are a work in progress.

Scripts

Currently, the only scripts available are those that aid in auto-generating hash-based and certificate-based Yara rules.


ALTERNATIVES

Romana automates cloud native network creation and secures applications with a distributed firewall.

A lookup service for AS-numbers and prefixes by country

A tool for extracting files from network traffic based on file signatures with support for various file formats and scalable search algorithm.

A honeypot system designed to detect and analyze potential security threats

A set of Go-based emulators for testing network security and analyzing network traffic.

Hale is a botnet command & control monitor/spy with a modular design and various monitoring capabilities, including IRC and HTTP, to aid in botnet hunting and research.

Intercepts and examines mobile app connections by stripping SSL/TLS layer.

A network protocol panic button operating decentralized through UDP broadcasts and HTTP, intended for sensitive networks to prevent cold boot attacks.