Application Inspector is different from traditional static analysis tools in that it doesn't attempt to identify "good" or "bad" patterns it simply reports what it finds against a set of over 400 rule patterns for feature detection including features that impact security such as the use of cryptography and more.
OSQUERY REGEXP SOFTWARE
It uses hundreds of rules and regex patterns to surface interesting characteristics of source code to aid in determining what the software is or what it does from what file operations it uses, encryption, shell operations, cloud API's, frameworks and more and has received industry attention as a new and valuable contribution to OSS on ZDNet, SecurityWeek, CSOOnline, /news, HelpNetSecurity, Twitter and more and was first featured on. Microsoft Application Inspector is a software source code characterization tool that helps identify coding features of first or third party software components based on well-known library/API calls and is helpful in security and non-security use cases. The DumpsterFire toolset will auto-detect your custom Fires at startup and make them available for use.ĪpplicationInspector - A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine Just write your own Fire module and drop it into the FireModules directory. The toolset is designed to be dynamically extensible, allowing you to create your own Fires (event modules) to add to the included collection of toolset Fires. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts. Turn paper tabletop exercises into controlled "live fire" range events.
Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Easily create custom event chains for Blue Team drills and sensor / alert mapping. The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Advanced users can build visualizations the suit their own investigative or operational requirements, optionally contributing those back to the primary code repository.ĭumpsterFire - "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events
OSQUERY REGEXP DOWNLOAD
Instead, they can simply download the pre-built and ready-to-use SOF-ELK® virtual appliance that consumes various source data types (numerous log types as well as NetFlow), parsing out the most critical data and visualizing it on several stock dashboards. With a significant amount of customization and ongoing development, SOF-ELK® users can avoid the typically long and involved setup process the ELK stack requires. The platform is a customized build of the open source ELK stack, consisting of the Elasticsearch storage and search engine, Logstash ingest and enrichment system, and the Kibana dashboard frontend. SOF-ELK® is a “big data analytics” platform focused on the typical needs of computer forensic investigators/analysts and information security operations personnel. This repository contains the configuration and support files for the SANS FOR572 SOF-ELK® VM Appliance. Sof-elk - Configuration files for the SOF-ELK VM, used in SANS FOR572
0 kommentar(er)
