A library of event-based analytics written in EQL to detect adversary behaviors, now integrated into the Detection Engine of Kibana.
IOC Parser is a tool to extract indicators of compromise from security reports in PDF format. A good collection of APT related reports with many IOCs can be found here: APTNotes. Usage: iocp [-h] [-p INI] [-i FORMAT] [-o FORMAT] [-d] [-l LIB] FILE FILE: File/directory path to report(s) -p INI: Pattern file -i FORMAT: Input format (pdf/txt/html) -o FORMAT: Output format (csv/json/yara) -d: Deduplicate matches -l LIB: Parsing library Installation: pip install ioc_parser Requirements: One of the following PDF parsing libraries: - PyPDF2: pip install pypdf2 - pdfminer: pip install pdfminer For HTML parsing support: - BeautifulSoup: pip install beautifulsoup4 For HTTP(S) support: - requests: pip install requests
A library of event-based analytics written in EQL to detect adversary behaviors, now integrated into the Detection Engine of Kibana.
VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.
A set of rules for detecting threats in various formats, including Snort, Yara, ClamAV, and HXIOC.
Aggregator of FireHOL IP lists with HTTP-based API service and Python client package.
A collection of Yara rules for the Burp Yara-Scanner extension to identify malicious software on websites.
Automatically curate open-source Yara rules and run scans with YAYA.