Ecosyste.ms: Awesome
https://github.com/SCILabsMX/yaraZeekAlert
This script scans the files extracted by Zeek with the YARA rules located in the rules folder on a Linux-based Zeek sensor. If a rule matches, it sends an email alert to the address specified by the mailTo parameter in the yaraAlert.conf file. The alert includes the network context of the file transfer and attaches the suspicious file if it is smaller than 10 MB. Alerted files are also copied locally to the alerted files folder.
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/SCILabsMX/yaraZeekAlert
- Owner: SCILabsMX
- Created: 2019-07-30T20:07:59.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2023-12-16T22:44:38.000Z (9 months ago)
- Last Synced: 2024-04-20T18:49:53.621Z (5 months ago)
- Language: Python
- Size: 694 KB
- Stars: 58
- Watchers: 12
- Forks: 16
- Open Issues: 2
Metadata Files:
- Readme: README.md
README
# yaraZeekAlert
This script scans the files extracted by Zeek with the YARA rules located in the rules folder on a Linux-based Zeek sensor. If a rule matches, it sends an email alert to the address specified by the mailTo parameter in the yaraAlert.conf file. The alert includes the network context of the file transfer and attaches the suspicious file if it is smaller than 10 MB. Alerted files are also copied locally to the alerted files folder.