https://github.com/circl/volatility-misp
Volatility plugin to interface with MISP
- Host: GitHub
- URL: https://github.com/circl/volatility-misp
- Owner: CIRCL
- License: gpl-3.0
- Created: 2017-07-18T11:30:16.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2017-08-10T14:04:03.000Z (almost 9 years ago)
- Last Synced: 2025-10-13T19:35:44.069Z (9 months ago)
- Topics: misp, volatility, yara
- Language: Python
- Homepage:
- Size: 27.3 KB
- Stars: 11
- Watchers: 8
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-forensics (10 stars)
README
# volatility-misp - Volatility plugin to interface with MISP
volatility-misp is a [volatility](https://github.com/volatilityfoundation/volatility) plugin that pulls [yara](https://github.com/virustotal/yara) rules from the yara attributes of a MISP instance and runs them through yarascan.
__This is a work in progress__; no documentation is available yet.
## Requirements
* Python 2.7 if used as a volatility module
* Python 2.7 or 3+ if used as a library (excluding volatility_misp.py)
* [PyMISP](https://github.com/MISP/PyMISP)
* [yara-python](https://github.com/VirusTotal/yara-python)
* [volatility](https://github.com/volatilityfoundation/volatility)
## Current capabilities
* Pulling yara rules from a MISP server
* Separating yara rules that compile from broken ones
* Suggesting fixes for some of the broken rules (*currently unused*)
* Running the valid yara rules on a memory dump (*same capabilities and options as yarascan*)
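The pipeline the capabilities above describe, as an added example written for this page rather than code from the volatility-misp project. It is in Python 3, which the README permits for library use (the Volatility 2 module itself needs Python 2.7). Assumptions: `yara-python` may be missing, in which case a structural pre-check stands in for a real compile; the PyMISP call in `fetch_yara_attributes`, the sample MISP response in `SAMPLE_RESPONSE` and the heuristics in `suggest_fix` are constructed for illustration and are not the project's.

```python
"""Pull yara attributes from MISP, keep rules that compile, report broken ones,
and emit a rule file for Volatility's yarascan.

Added example, not volatility-misp code. yara-python is optional here: without
it a structural pre-check (weaker than a real compile) is used instead.
"""
import json
import re

try:
    import yara  # yara-python, listed in the project's requirements
except ImportError:
    yara = None  # fall back to the structural check in check_rule()

# Constructed sample of a MISP /attributes/restSearch response, trimmed to the
# fields used here. Not real MISP data.
SAMPLE_RESPONSE = json.dumps({"response": {"Attribute": [
    {"event_id": "12", "type": "yara",
     "value": 'rule good_one { strings: $a = "evil" condition: $a }'},
    {"event_id": "12", "type": "yara",
     "value": "rule bad-name { condition: true }"},   # '-' is not allowed in a yara identifier
    {"event_id": "13", "type": "yara",
     "value": "rule truncated { condition: true"},    # closing brace missing
    {"event_id": "14", "type": "yara",
     "value": "rule good_one { condition: true }"},   # name clashes with the first rule
    {"event_id": "15", "type": "comment", "value": "not a rule"},
]}})

# Rule header: optional modifiers, 'rule', an identifier, optional tags, '{'.
HEADER = re.compile(r"^\s*(?:(?:private|global)\s+)*rule\s+([A-Za-z_]\w*)\s*(?::[\w\s]+)?\{", re.S)
# Loose name grab, used for reporting even when the header is malformed.
LOOSE_NAME = re.compile(r"\brule\s+([^\s{:]+)")


def fetch_yara_attributes(misp):
    """Live variant: `misp` is a PyMISP instance (assumed call, not run here)."""
    return misp.search(controller="attributes", type_attribute="yara")


def load_attributes(response_json):
    """Unwrap the attribute list from a restSearch response (dict or JSON text)."""
    data = json.loads(response_json) if isinstance(response_json, str) else response_json
    return data["response"]["Attribute"]


def rule_name(text):
    m = LOOSE_NAME.search(text)
    return m.group(1) if m else None


def check_rule(text):
    """Return None if the rule is acceptable, else a short error string."""
    if yara is not None:
        try:
            yara.compile(source=text)  # the real test: does yara accept it?
            return None
        except yara.Error as exc:
            return str(exc)
    # Structural pre-check only: header, balanced braces, a condition section.
    if not HEADER.match(text):
        return "malformed rule header"
    if text.count("{") != text.count("}") or not text.rstrip().endswith("}"):
        return "unbalanced braces"
    if "condition:" not in text:
        return "missing condition section"
    return None


def suggest_fix(text):
    """Illustrative heuristics (not the project's): sanitise the rule name and
    close missing braces. Returns the fixed text only if it then passes."""
    fixed = LOOSE_NAME.sub(lambda m: "rule " + re.sub(r"\W", "_", m.group(1)), text, count=1)
    fixed += "}" * (fixed.count("{") - fixed.count("}"))
    if fixed == text or check_rule(fixed) is not None:
        return None
    return fixed


def sort_rules(attributes):
    """Split attributes into accepted rule texts and records of broken ones.
    Duplicate names are rejected: yara refuses a ruleset that defines the same
    identifier twice, so the combined file would fail to load in yarascan."""
    valid, broken, seen = [], [], set()
    for attr in attributes:
        if attr.get("type") != "yara":
            continue
        text = attr["value"]
        name = rule_name(text)
        error = check_rule(text)
        if error is None and name in seen:
            error = "duplicate rule name %r" % name
        if error is None:
            seen.add(name)
            valid.append(text)
        else:
            broken.append({"event_id": attr.get("event_id"), "name": name,
                           "error": error, "fix": suggest_fix(text)})
    return valid, broken


def rules_file_text(valid):
    """One file holding every accepted rule, for `yarascan -y misp_rules.yar`."""
    return "\n\n".join(valid) + "\n"


if __name__ == "__main__":
    good, bad = sort_rules(load_attributes(SAMPLE_RESPONSE))
    with open("misp_rules.yar", "w") as fh:
        fh.write(rules_file_text(good))
    for item in bad:
        print("event %(event_id)s rule %(name)s: %(error)s" % item)
        if item["fix"]:
            print("  suggested fix: " + item["fix"])
```

With yara-python installed the check is a genuine compile, which is what the plugin relies on; the structural fallback only catches gross breakage and should not be trusted for anything yarascan will load. The duplicate-name check is the step most often missed when aggregating rules from many MISP events: each rule compiles on its own, yet the combined file is rejected.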