yaraZeekAlert

Alert script

Automates email alerting and file handling based on YARA rule matches from Zeek sensor data

This script scans the files extracted by Zeek on a Linux-based Zeek sensor against the YARA rules located in the rules folder. If a rule matches, it sends an email alert to the address specified in the mailTo parameter of the yaraAlert.conf file. The alert includes the network context of the file transfer and attaches the suspicious file if it is smaller than 10 MB. Alerted files are also copied locally to the alerted files folder.

GitHub

60 stars
12 watching
16 forks
Language: Python
last commit: about 1 year ago
Linked from 1 awesome list


Related projects:

Repository Description Stars
securitymagic/yara A collection of YARA rules for detecting malware and suspicious activity in various environments. 11
kevthehermit/yaramail Automates the scanning of email attachments with Yara rules for malware detection 28
dissectmalware/yaradbg-backend An application backend designed to facilitate Yara rule analysis and root cause identification in malware detection. 24
ditekshen/detection Detects malicious network and host activity using Yara, Snort, and ClamAV signatures. 213
michelcrypt4d4mus/yaralyzer Analyzes binary and text data for YARA and regex matches, visualizes results with colors, and attempts to decode matched regions 109
codewatchorg/burp-yara-rules Provides Yara rules to identify malicious software in web applications 44
karttoon/binsequencer Automates pattern detection and YARA rule generation for malware analysis 74
xen0ph0n/yaragenerator Automates the creation of Yara rules to detect malware and other malicious objects of interest by analyzing sample files from various sources. 332
uppusaikiran/yara-finder Tools to detect and analyze malware using Yara rules 2
rpgeeganage/audit-node-modules-with-yara A tool to scan node modules for malicious scripts by applying YARA rules 20
citizenlab/malware-signatures Yara rules for identifying malware families in targeted threats 134
yara-silly-silly/yarasilly2 Automatically generates YARA rules from sample files for malware analysis 28
advanced-threat-research/yara-rules A collection of rules to detect and prevent malware infections using YARA-based threat intelligence 573
sophos/yaraml_rules Automates the creation of Yara rules from machine learning models trained on malware and benign samples. 214
techbliss/yara_mailware_quick_menu_scanner A utility that integrates Yara pattern scanning into Windows' right-click menu, allowing users to scan files and folders for malware patterns. 35