Spyre Logo

Spyre

0
Free
Visit Website

Spyre is a simple host-based IOC scanner built around the YARA pattern matching engine and other scan modules. The main goal of this project is easy operationalization of YARA rules and other indicators of compromise. Users need to bring their own rule sets. Spyre is intended to be used as an investigation tool by incident responders, not as an endpoint protection service. Getting Started: Using Spyre is easy - add YARA signatures. In its default configuration, Spyre will read YARA rules for file and process scanning from filescan.yar and procscan.yar, respectively. Various options exist for providing rules files to Spyre.

FEATURES

ALTERNATIVES

A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.

NECOMA focuses on data collection, threat analysis, and developing new cyberdefense mechanisms to protect infrastructure and endpoints.

A tool for fetching and visualizing cyber threat intelligence data with Elasticsearch and Kibana integration.

A PowerShell module for threat hunting via Windows Event Logs

A sophisticated npm attack attributed to North Korean threat actors, targeting technology firms and their employees.

Aggregator of FireHOL IP lists with HTTP-based API service and Python client package.

Curated datasets for developing and testing detections in SIEM installations.

A curated list of resources for learning about deploying, managing, and hunting with Microsoft Sysmon.