FireEye Mandiant SunBurst Countermeasures
0
Free
These rules are provided freely to the community without warranty. In this GitHub repository you will find rules in multiple languages: Snort Yara IOC ClamAV The rules are categorized and labeled into two release states: Production: rules that are expected to perform with minimal tuning. Supplemental: rules that are known to require further environment-specific tuning and tweaking to perform, and are often used for hunting workflows. Please check back to this GitHub for updates to these rules. FireEye customers can refer to the FireEye Community (community.fireeye.com) for information on how FireEye products detect these threats. The entire risk as to quality and performance of these rules is with the users. Please review the FireEye blog for additional details on this threat. Please note: COSMICGALE and SUPERNOVA signatures and indicators are confirmed to detect malicious files and activity, however they have not been directly associated with the current UNC2452 Solarwinds compromise. The entire risk as to quality and performance of these rules is with the users. Please review the FireEye blog for additional details on this threat. Please note: COSMICGALE and SUPERNOVA signatures and indicators are confirmed to detect malicious files and activity, however they have not been directly associated with the current UNC2452 Solarwinds compromise.
FEATURES
The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.
ALTERNATIVES
Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.
eCrimeLabs provides a SOAR platform for threat detection and response, integrated with MISP.
In-depth analysis of real-world attacks and threat tactics
Tools to export data from MISP MySQL database for post-incident analysis and correlation.
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.
A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.
YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.
A platform for accessing threat intelligence and collaborating on cyber threats.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security