| Name | Description | URL |
|---|---|---|
| Detection Studio | Convert Sigma rules to SIEM queries, directly in your browser. | https://github.com/northsh/detection.studio |
| Laurel | Transform Linux Audit logs for SIEM usage | https://github.com/threathunters-io/laurel |
| SIGMA | Generic Signature Format for SIEM Systems | https://github.com/SigmaHQ/sigma |
| sysmon-config | Sysmon configuration file template with default high-quality event tracing | https://github.com/SwiftOnSecurity/sysmon-config |
| Unvoder IO | Detection Engineering IDE | https://uncoder.io |
| YARA | The pattern matching swiss knife | https://github.com/VirusTotal/yara |
| yarGen | yarGen is a generator for YARA rules | https://github.com/Neo23x0/yarGen |
$ sudo apt-get install automake libtool make gcc pkg-config$ sudo apt-get install flex bison$ ./bootstrap.sh$ ./configure$ make$ sudo make install$ make check$ ./configure --enable-magic$ yara /PATH/TO/yarGen/yarGen-0.23.4/yargen_rules.yar /PATH/TO/BINARY/<BINARY> -s <BINARY> /PATH/TO/BINARY/<BINARY>$ mkdir yarGen$ cd yarGen/$ wget https://github.com/Neo23x0/yarGen/archive/refs/tags/0.23.4.zip$ unzip 0.23.4.zip$ cd yarGen-0.23.4/$ python3 -m venv venv$ source venv/bin/activate$ pip3 install -r requirements.txt$ python3 yarGen.py --update$ mkdir sample$ cp rusty-recon-bot sample/$ python3 yarGen.py -a "<AUTHOR>" -r "<NAME>" -m sample/