ProcFilter Logo

ProcFilter

0
Free
Visit Website

ProcFilter is a process filtering system for Windows with built-in YARA integration. YARA rules can be instrumented with custom meta tags that tailor its response to rule matches. It runs as a Windows service and is integrated with Microsoft's ETW API, making results viewable in the Windows Event Log. Installation, activation, and removal can be done dynamically and does not require a reboot. ProcFilter's intended use is for malware analysts to be able to create YARA signatures that protect their Windows environments against a specific threat. It does not include a large signature set. Think lightweight, precise, and targeted rather than broad or all-encompassing. ProcFilter is also intended for use in controlled analysis environments where custom plugins can perform artifact-specific actions. Designed to be easy to adopt, ProcFilter's integration with Git and Event Log minimize the need for additional tools or infrastructure to deploy rules or gather results. ProcFilter is compatible with Windows 7+ and Windows Server 2008+ systems. Installers ProcFilter x86/x64 Release/Debug Installers Note: Unpatched Windows 7 systems require hotfix 3033929 to load the driver component.

FEATURES

ALTERNATIVES

Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.

Open-source initiative providing malicious and benign datasets to expedite data analysis and threat research.

Tool for managing Yara rules on VirusTotal

YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.

A framework for managing cyber threat intelligence in structured formats.

A serverless application for creating and monitoring URL tokens with threat intelligence and customizable alerts.

A python3 application for querying sites hosting publicly pasted data and scanning for sensitive information.

MISP is an open source threat intelligence platform that enhances threat information sharing and analysis.