FireEye Red Team Tool Countermeasures

Free

These rules are provided freely to the community without warranty. The GitHub repository contains rules in four formats: Snort, YARA, ClamAV and HXIOC.

The rules are categorized and labeled into two release states:

Production: rules that are expected to perform with minimal tuning.

Supplemental: rules that are known to require further environment-specific tuning and tweaking to perform, and are often used for hunting workflows.

Check back on the GitHub repository for updates to these rules. FireEye customers can refer to the FireEye Community (community.fireeye.com) for information on how FireEye products detect these threats. The entire risk as to the quality and performance of these rules is with the users.
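The production/supplemental split matters operationally: production rules can go straight into alerting, while supplemental rules belong in a hunting pipeline where analysts accept noise. The script below, an added example that is not code from the FireEye repository, inventories a checkout by release tier and format so the two sets can be fed to different tooling. It assumes a layout of rules/<tool>/<tier>/<format>/<file> with tier being "production" or "supplemental"; that layout, the file extensions, and the sample rules it constructs in a temporary directory are assumptions, not taken from the repository.

```python
"""Inventory multi-format detection rules by release tier (production vs supplemental).

Added example, not code from the FireEye red_team_tool_countermeasures repository.
ASSUMPTION: rules live under rules/<tool>/<tier>/<format>/<file>, where <tier> is
'production' or 'supplemental'. Adjust TIERS/FORMATS if your checkout differs.
"""
import re
import tempfile
from pathlib import Path

TIERS = ("production", "supplemental")  # the two release states named in the README
FORMATS = {                             # extension mapping is an assumption
    "yara": (".yar", ".yara"),
    "snort": (".rules",),
    "clamav": (".ldb", ".ndb"),
    "hxioc": (".ioc",),
}

# 'rule Name' possibly prefixed by private/global modifiers, possibly followed by ': tags'
YARA_RULE_RE = re.compile(r"^\s*(?:private\s+|global\s+)*rule\s+([A-Za-z_]\w*)", re.M)
SNORT_SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def count_signatures(path: Path) -> int:
    """Count individual signatures in one rule file, by format."""
    text = path.read_text(errors="replace")
    suffix = path.suffix.lower()
    if suffix in FORMATS["yara"]:
        return len(YARA_RULE_RE.findall(text))
    if suffix in FORMATS["snort"]:
        return len(SNORT_SID_RE.findall(text))
    if suffix in FORMATS["clamav"]:
        # .ldb/.ndb databases carry one signature per non-empty, non-comment line
        return sum(1 for ln in text.splitlines() if ln.strip() and not ln.startswith("#"))
    if suffix in FORMATS["hxioc"]:
        return 1  # one OpenIOC document per file
    return 0


def inventory(root: Path) -> dict:
    """Return {tier: {format: signature_count}} for every rule file under root.

    Files whose path names no tier (e.g. a README) or whose extension maps to no
    known format are skipped rather than guessed at.
    """
    result = {tier: {fmt: 0 for fmt in FORMATS} for tier in TIERS}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        parts = {p.lower() for p in path.relative_to(root).parts}
        tier = next((t for t in TIERS if t in parts), None)
        fmt = next((f for f, exts in FORMATS.items() if path.suffix.lower() in exts), None)
        if tier and fmt:
            result[tier][fmt] += count_signatures(path)
    return result


def rule_files(root: Path, tier: str, fmt: str) -> list:
    """Paths for one tier/format pair, e.g. to pass production YARA rules to a scanner."""
    exts = FORMATS[fmt]
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and tier in {x.lower() for x in p.relative_to(root).parts}
                  and p.suffix.lower() in exts)


def build_sample_tree() -> Path:
    """Create a CONSTRUCTED sample checkout in a temp dir; the rules are placeholders."""
    root = Path(tempfile.mkdtemp()) / "rules"
    yara_prod = root / "CONSTRUCTED_TOOL" / "production" / "yara" / "tool.yar"
    yara_supp = root / "CONSTRUCTED_TOOL" / "supplemental" / "yara" / "hunt.yar"
    snort_prod = root / "CONSTRUCTED_TOOL" / "production" / "snort" / "tool.rules"
    for p in (yara_prod, yara_supp, snort_prod):
        p.parent.mkdir(parents=True, exist_ok=True)
    yara_prod.write_text(
        'rule Constructed_Marker_A { strings: $s = "constructed-marker-a" condition: $s }\n'
        'private rule Constructed_Marker_B : tag { strings: $s = "constructed-marker-b" condition: $s }\n')
    yara_supp.write_text(
        'rule Constructed_Hunting_Heuristic { strings: $s = "broad-string" condition: $s }\n')
    snort_prod.write_text(
        'alert tcp any any -> any 80 (msg:"constructed sample"; content:"marker"; sid:9000001; rev:1;)\n')
    (root / "README.md").write_text("constructed placeholder, must be ignored by inventory()\n")
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for tier, counts in inventory(sample).items():
        print(tier, counts)
    print("production YARA files:", [p.name for p in rule_files(sample, "production", "yara")])
```

Run it against a real checkout by replacing build_sample_tree() with the path to the cloned rules directory; the production YARA list from rule_files() is what you would hand to a scanner for alerting, while the supplemental list is the starting point for a tuning or hunting pass.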

ALTERNATIVES

A collection of YARA rules for Windows, Linux, and other threats.

Open Source Threat Intelligence Collector with plugin-oriented framework.

Container of 200 Windows EVTX samples for testing detection scripts and training on DFIR.

A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.

Facilitates distribution of Threat Intelligence artifacts to defensive systems.

A daily collection of IOCs from various sources, including articles and tweets.

Cyber Intelligence Management Platform with threat tracking, forensic artifacts, and YARA rule storage.

A threat intelligence domain/IP/hash threat feed checker that queries IPVoid, URLVoid, VirusTotal, and Cymon.