Skip to content

InQuest/ThreatKB

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,233 Commits

.github/wiki

.github/wiki

 
 

app

app

 
 

data

data

 
 

migrations

migrations

 
 

tests

tests

 
 

.bowerrc

.bowerrc

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

Dockerfile

Dockerfile

 
 

Gruntfile.js

Gruntfile.js

 
 

LICENSE

LICENSE

 
 

MANIFEST.in

MANIFEST.in

 
 

README.md

README.md

 
 

bower.json

bower.json

 
 

docker-compose.yml

docker-compose.yml

 
 

docker-entrypoint.sh

docker-entrypoint.sh

 
 

env_template

env_template

 
 

fix_c2ip_locations.py

fix_c2ip_locations.py

 
 

generator.json

generator.json

 
 

hash_pass.py

hash_pass.py

 
 

install.bat

install.bat

 
 

install.sh

install.sh

 
 

manage.py

manage.py

 
 

merge_signatures.py

merge_signatures.py

 
 

package.json

package.json

 
 

requirements.txt

requirements.txt

 
 

run.py

run.py

 
 

run_agent.sh

run_agent.sh

 
 

run_web.sh

run_web.sh

 
 

setup.py

setup.py

 
 

testing_config.py

testing_config.py

 
 

threatkb_cli.py

threatkb_cli.py

 
 

uwsgi.yaml

uwsgi.yaml

 
 

wait-for-it.sh

wait-for-it.sh

 
 

Repository files navigation

NOTE: THIS REPO IS IN AN ALPHA STATE

ThreatKB is a knowledge base workflow management dashboard for YARA rules and C2 artifacts. Rules are categorized and used to denote intent, severity, and confidence in accumulated artifacts.

To start using ThreatKB, check out our wiki.

Installing by Docker is the currently recommended way of setting up ThreatKB, directions are included as the first link in the wiki. Installation by source is included in the wiki as well.

Table of Contents

Thank You

ThreatKB utilizes Plyara to parse YARA rules into Python dictionaries. A huge thank you to the Plyara team! Links to the project are below:

When a release is created, the system first pulls all signatures that are in the release state. Then, it gathers all signatures that are in the staging state and checks their revision history for the most recently released revision that is in the release state. If it finds it, it will include it in the release. If it does not find any previously released revisions, it will skip the signature.

About

Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)

Topics

malware-research yara yara-rules yara-manager yara-signatures

Resources

Readme

License

GPL-2.0 license
Activity
Custom properties

Stars

92 stars

Watchers

18 watching

Forks

18 forks
Report repository

Releases

3 tags

Packages

No packages published

Contributors 15

Languages